simplesamlphp/simplesamlphp Security Advisories (22)
- [HIGH] simpleSAMLphp incorrectly handles XML encryption
  PKSA-hk9y-3wpr-11pk CVE-2011-4625 GHSA-5fj7-f8x3-q2mc
  Affected version: <1.8.1
  Reported by: GitHub
- [LOW] Cross-site scripting in SimpleSAMLphp
  PKSA-ycht-1qgw-1z9b CVE-2020-5226 GHSA-mj9p-v2r8-wf8w
  Affected version: >=1.18.0,<1.18.4
  Reported by: GitHub
- [LOW] Log injection in SimpleSAMLphp
  PKSA-g1nk-699g-2gbq CVE-2020-5225 GHSA-6gc6-m364-85ww
  Affected version: <1.18.4
  Reported by: GitHub
- [LOW] Information disclosure
  PKSA-sjwt-gdw3-11jc GHSA-2r3v-q9x3-7g46
  Affected version: >=1.17.0,<1.17.8
  Reported by: GitHub, FriendsOfPHP/security-advisories
- Reflected Cross-Site-Scripting
  Affected version: >=1.12.0,<1.13.0|>=1.13.0,<1.14.0|>=1.14.0,<1.15.0|>=1.15.0,<1.16.0|>=1.16.0,<1.17.0|>=1.17.0,<1.17.3
  Reported by: FriendsOfPHP/security-advisories
- Reported by: FriendsOfPHP/security-advisories
- [LOW] Information disclosure of source code
  PKSA-x565-3dmv-75hd CVE-2020-5301 GHSA-24m3-w8g9-jwpq
  Affected version: <1.18.6
  Reported by: GitHub, FriendsOfPHP/security-advisories
- Reported by: FriendsOfPHP/security-advisories
- Use of insecure connection charset (sqlauth module)
  PKSA-2cdr-qj7j-y6rv CVE-2018-6521
  Affected version: <1.15.2
  Reported by: FriendsOfPHP/security-advisories
- Signature validation bypass (SAML 1.1)
  PKSA-sbzp-sfcv-rv5g CVE-2017-18122
  Affected version: <1.14.17
  Reported by: FriendsOfPHP/security-advisories
- Signature validation bypass
  Affected version: >=1.12.0,<1.13.0|>=1.13.0,<1.14.0|>=1.14.0,<1.14.17
  Reported by: FriendsOfPHP/security-advisories
- [MEDIUM] Cross Site Scripting (XSS) in the consentAdmin module
  PKSA-fvmb-6b5t-2yv5 CVE-2017-18121 GHSA-fv7m-wc3v-wr3w
  Affected version: >=1.12.0,<1.13.0|>=1.13.0,<1.14.0|>=1.14.0,<1.14.16
  Reported by: GitHub, FriendsOfPHP/security-advisories
- Invalid token creation and validation
  PKSA-xt5r-9jkw-6fks CVE-2017-12867
  Affected version: >=1.14.0,<1.14.15
  Reported by: FriendsOfPHP/security-advisories
- Authentication context bypass (multiauth module)
  PKSA-wk1k-gg3r-b9ps CVE-2017-12869
  Affected version: <1.14.14
  Reported by: FriendsOfPHP/security-advisories
- Session fixation and authentication bypass (authcrypt module)
  PKSA-2qjk-5gny-czwm CVE-2017-12868
  Affected version: >=1.14.12,<1.14.14
  Reported by: FriendsOfPHP/security-advisories
- Unauthenticated encryption in CBC mode
  PKSA-4k4v-hvd4-cf6g CVE-2017-12870
  Affected version: <1.14.13
  Reported by: FriendsOfPHP/security-advisories
- Incorrect IV generation for encryption
  PKSA-1z4s-btyn-9vw9 CVE-2017-12871
  Affected version: >=1.14.0,<1.14.12
  Reported by: FriendsOfPHP/security-advisories
- [MEDIUM] Multiple timing side-channel issues
  PKSA-x6yn-24fw-cc17 CVE-2017-12872 GHSA-v882-949x-6v28
  Affected version: >=1.12.0,<1.13.0|>=1.13.0,<1.14.0|>=1.14.0,<1.14.12
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [CRITICAL] Incorrect persistent NameID generation
  PKSA-1258-5phg-53sm CVE-2017-12873 GHSA-gp2m-7cfp-h6gf
  Affected version: >=1.7.0,<1.14.11
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Incorrect signature verification
  PKSA-gtm7-gv1y-95m2 CVE-2016-9955 GHSA-p9cm-r7jg-8q3g
  Affected version: <1.14.11
  Reported by: GitHub, FriendsOfPHP/security-advisories
- Reported by: FriendsOfPHP/security-advisories
- Information leakage issue in the sanitycheck module
  PKSA-yz8b-pk77-1vms CVE-2016-3124
  Affected version: <1.14.1
  Reported by: FriendsOfPHP/security-advisories