The vulnerability stems from improper input validation in the multiauth module's authentication source selection process. The `MultiAuth::authenticate` function handled the user input that selects an authentication source, but it did not validate that the selected source was in the configured allowed list. This allowed attackers to specify any authentication source defined in the system, bypassing context restrictions. The SSPSA advisory explicitly names this improper validation of user input in the multiauth module as the root cause.
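The missing check, reduced to a stand-alone PHP sketch with the flawed pattern beside a hardened one. This is an added example, not SimpleSAMLphp's code: the source names, the configuration constants and both function names are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample configuration (hypothetical names, not from SimpleSAMLphp).
// Every authentication source defined in the system:
const DEFINED_SOURCES = ['staff-ldap', 'student-sql', 'admin-local'];
// The subset this particular multiauth instance is configured to offer:
const ALLOWED_SOURCES = ['staff-ldap', 'student-sql'];

/** Flawed pattern: only checks that the source exists somewhere in the system. */
function selectSourceUnchecked(string $requested): string
{
    if (!in_array($requested, DEFINED_SOURCES, true)) {
        throw new InvalidArgumentException('unknown authentication source');
    }
    return $requested; // 'admin-local' passes although this instance never offers it
}

/** Hardened pattern: the user-supplied value must be in this instance's allowed list. */
function selectSourceChecked(string $requested, array $allowed): string
{
    // Strict comparison avoids PHP type juggling on the user-controlled value.
    if (!in_array($requested, $allowed, true)) {
        // Rejections are worth logging: a request for a source outside the
        // allowed list is not something the normal selection UI produces.
        error_log('multiauth: rejected source outside allowed list');
        throw new InvalidArgumentException('source not allowed in this context');
    }
    return $requested;
}

// Run both patterns over the same constructed inputs and compare outcomes.
foreach (['staff-ldap', 'admin-local', 'no-such-source'] as $candidate) {
    foreach (['unchecked', 'checked'] as $mode) {
        try {
            $result = $mode === 'unchecked'
                ? selectSourceUnchecked($candidate)
                : selectSourceChecked($candidate, ALLOWED_SOURCES);
            printf("%-9s %-15s accepted (%s)\n", $mode, $candidate, $result);
        } catch (InvalidArgumentException $e) {
            printf("%-9s %-15s rejected: %s\n", $mode, $candidate, $e->getMessage());
        }
    }
}
```

The only row where the two patterns disagree is `admin-local`: it is defined in the system but not offered by this instance, which is the context restriction the advisory says could be bypassed.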
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| simplesamlphp/simplesamlphp | composer | < 1.14.14 | 1.14.14 |