5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-v858-922f-fj9v

GHSA-v858-922f-fj9v: SimpleSAMLphp Link Injection vulnerability

Background

Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out.

Description

The following scripts were not checking the URLs obtained via the HTTP request before displaying them as the target of links that the user may click on:

www/logout.php
modules/core/www/no_cookie.php The issue allowed attackers to display links targeting a malicious website inside a trusted site running SimpleSAMLphp, due to the lack of security checks involving the link_href and retryURL HTTP parameters, respectively. The issue was resolved by including a verification of the URLs received in the request against a white list of websites specified in the trusted.url.domains configuration option.

Affected versions

All SimpleSAMLphp versions prior to 1.14.4.

Impact

A remote attacker could craft a link pointing to a trusted website running SimpleSAMLphp, including a parameter pointing to a malicious website, and try to fool the victim into visiting that website by clicking on a link in the page presented by SimpleSAMLphp.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-v858-922f-fj9v

GHSA-v858-922f-fj9v:

5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
simplesamlphp/simplesamlphp	composer	< 1.14.4	1.14.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper handling of user-supplied parameters ('link_href' and 'retryURL') in the scripts www/logout.php and modules/core/www/no_cookie.php. These scripts directly process HTTP request parameters and pass them to the normalization function \SimpleSAML\Utils\HTTP::normalizeURL() without validation. However, the vulnerability does not reside in a specific named function but in the procedural flow of these scripts. The lack of validation (via checkURLAllowed) in the parameter-handling logic allowed arbitrary URLs to be injected. Since the vulnerable code exists at the script level rather than within defined functions, no specific functions are identified as the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.4

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-v858-922f-fj9v: SimpleSAMLphp Link Injection vulnerability

Background

Description

Affected versions

Impact

GHSA-v858-922f-fj9v:

5.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

5.4

5.4

GHSA-v858-922f-fj9v: SimpleSAMLphp Link Injection vulnerability

Background

Description

Affected versions

Impact

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI