Security Advisories - simplesamlphp/simplesamlphp

simplesamlphp/simplesamlphp Security Advisories for v1.14.0 (17)

[LOW] Log injection in SimpleSAMLphp

PKSA-g1nk-699g-2gbq CVE-2020-5225 GHSA-6gc6-m364-85ww

Affected version: <1.18.4

Reported by:
GitHub
Reflected Cross-Site-Scripting

PKSA-3x8n-wm49-n67d

Affected version: >=1.12.0,<1.13.0|>=1.13.0,<1.14.0|>=1.14.0,<1.15.0|>=1.15.0,<1.16.0|>=1.16.0,<1.17.0|>=1.17.0,<1.17.3

Reported by:
FriendsOfPHP/security-advisories
[LOW] Information disclosure of source code

PKSA-x565-3dmv-75hd CVE-2020-5301 GHSA-24m3-w8g9-jwpq

Affected version: <1.18.6

Reported by:
GitHub, FriendsOfPHP/security-advisories
Open redirection protection bypass

PKSA-b12x-6nzb-bjj1 CVE-2018-6520

Affected version: <1.15.2

Reported by:
FriendsOfPHP/security-advisories
Use of insecure connection charset (sqlauth module)

PKSA-2cdr-qj7j-y6rv CVE-2018-6521

Affected version: <1.15.2

Reported by:
FriendsOfPHP/security-advisories
Signature validation bypass (SAML 1.1)

PKSA-sbzp-sfcv-rv5g CVE-2017-18122

Affected version: <1.14.17

Reported by:
FriendsOfPHP/security-advisories
Signature validation bypass

PKSA-k6kb-6mrv-6jc6

Affected version: >=1.12.0,<1.13.0|>=1.13.0,<1.14.0|>=1.14.0,<1.14.17

Reported by:
FriendsOfPHP/security-advisories
[MEDIUM] Cross Site Scripting (XSS) in the consentAdmin module

PKSA-fvmb-6b5t-2yv5 CVE-2017-18121 GHSA-fv7m-wc3v-wr3w

Affected version: >=1.12.0,<1.13.0|>=1.13.0,<1.14.0|>=1.14.0,<1.14.16

Reported by:
GitHub, FriendsOfPHP/security-advisories
Invalid token creation and validation

PKSA-xt5r-9jkw-6fks CVE-2017-12867

Affected version: >=1.14.0,<1.14.15

Reported by:
FriendsOfPHP/security-advisories
Authentication context bypass (multiauth module)

PKSA-wk1k-gg3r-b9ps CVE-2017-12869

Affected version: <1.14.14

Reported by:
FriendsOfPHP/security-advisories
Unauthenticated encryption in CBC mode

PKSA-4k4v-hvd4-cf6g CVE-2017-12870

Affected version: <1.14.13

Reported by:
FriendsOfPHP/security-advisories
Incorrect IV generation for encryption

PKSA-1z4s-btyn-9vw9 CVE-2017-12871

Affected version: >=1.14.0,<1.14.12

Reported by:
FriendsOfPHP/security-advisories
[MEDIUM] Multiple timing side-channel issues

PKSA-x6yn-24fw-cc17 CVE-2017-12872 GHSA-v882-949x-6v28

Affected version: >=1.12.0,<1.13.0|>=1.13.0,<1.14.0|>=1.14.0,<1.14.12

Reported by:
GitHub, FriendsOfPHP/security-advisories
[CRITICAL] Incorrect persistent NameID generation

PKSA-1258-5phg-53sm CVE-2017-12873 GHSA-gp2m-7cfp-h6gf

Affected version: >=1.7.0,<1.14.11

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Incorrect signature verification

PKSA-gtm7-gv1y-95m2 CVE-2016-9955 GHSA-p9cm-r7jg-8q3g

Affected version: <1.14.11

Reported by:
GitHub, FriendsOfPHP/security-advisories
Link injection

PKSA-5r1b-hdtj-b7tm

Affected version: <1.14.4

Reported by:
FriendsOfPHP/security-advisories
Information leakage issue in the sanitycheck module

PKSA-yz8b-pk77-1vms CVE-2016-3124

Affected version: <1.14.1

Reported by:
FriendsOfPHP/security-advisories

simplesamlphp/simplesamlphp Security Advisories for v1.14.0 (17)

[LOW] Log injection in SimpleSAMLphp

[LOW] Information disclosure of source code

[MEDIUM] Cross Site Scripting (XSS) in the consentAdmin module

[MEDIUM] Multiple timing side-channel issues

[CRITICAL] Incorrect persistent NameID generation

[MEDIUM] Incorrect signature verification