CVE Vulnerability

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.

5.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://simplesamlphp.org/security/202001-02 Vendor Advisory
https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:simplesamlphp:simplesamlphp:*:*:*:*:*:*:*:*
Information

Published : 2020-01-24 09:15

Updated : 2020-01-31 07:11

NVD link : CVE-2020-5225

Mitre link : CVE-2020-5225

Products Affected
No products.
CWE
CWE-532

Insertion of Sensitive Information into Log File