fkie_cve-2020-5301
Vulnerability from fkie_nvd
Published
2020-04-21 20:15
Modified
2024-11-21 05:33
Severity ?
3.0 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. This issue is fixed in version 1.18.6.
References
security-advisories@github.comhttps://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44ePatch, Third Party Advisory
security-advisories@github.comhttps://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpqThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44ePatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpqThird Party Advisory
Impacted products
Vendor Product Version
simplesamlphp simplesamlphp *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:simplesamlphp:simplesamlphp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD186CF9-4548-455F-8A4C-F4D8FD572416",
              "versionEndExcluding": "1.18.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. This issue is fixed in version 1.18.6."
    },
    {
      "lang": "es",
      "value": "Las versiones SimpleSAMLphp en versiones anteriores a la 1.18.6 contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. El controlador de m\u00f3dulos en `SimpleSAML\\Module` que procesa las peticiones de p\u00e1ginas alojadas por m\u00f3dulos, tiene c\u00f3digo para identificar las rutas que terminan en `.php` y procesarlas como c\u00f3digo PHP. Si no existe otra forma adecuada de manejar la ruta dada, presenta el archivo al navegador. La comprobaci\u00f3n para identificar los caminos que terminan en `.php` no tiene en cuenta las may\u00fasculas. Si alguien solicita un camino que termina por ejemplo con `.PHP` y el servidor est\u00e1 sirviendo el c\u00f3digo de un sistema de archivos que no distingue entre may\u00fasculas y min\u00fasculas, como en Windows, el procesamiento del c\u00f3digo PHP no ocurre, y el c\u00f3digo fuente se presenta en su lugar al navegador. Un atacante puede utilizar este problema para obtener acceso al c\u00f3digo fuente en m\u00f3dulos de terceros que se supone que son privados, o incluso sensibles. Sin embargo, se considera que la superficie de ataque es peque\u00f1a, ya que el ataque s\u00f3lo funcionar\u00e1 cuando SimpleSAMLphp sirva ese contenido desde un sistema de archivos que no distinga entre may\u00fasculas y min\u00fasculas, como en Windows. Este problema est\u00e1 corregido en la versi\u00f3n 1.18.6."
    }
  ],
  "id": "CVE-2020-5301",
  "lastModified": "2024-11-21T05:33:52.057",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.0,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-21T20:15:13.260",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-178"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.