Advisory Database
  • Advisories
  • Dependency Scanning
  1. composer
  2. ›
  3. simplesamlphp/simplesamlphp
  4. ›
  5. GMS-2020-602

GMS-2020-602: Link injection in SimpleSAMLphp

January 24, 2020 (updated August 19, 2021)

Background

Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out.

Description

The following scripts were not checking the URLs obtained via the HTTP request before displaying them as the target of links that the user may click on:

  • www/logout.php
  • modules/core/www/no_cookie.php

The issue allowed attackers to display links targeting a malicious website inside a trusted site running SimpleSAMLphp, due to the lack of security checks involving the link_href and retryURL HTTP parameters, respectively. The issue was resolved by including a verification of the URLs received in the request against a white list of websites specified in the trusted.url.domains configuration option.

Affected versions

All SimpleSAMLphp versions prior to 1.14.4.

Impact

A remote attacker could craft a link pointing to a trusted website running SimpleSAMLphp, including a parameter pointing to a malicious website, and try to fool the victim into visiting that website by clicking on a link in the page presented by SimpleSAMLphp.

Resolution

Upgrade to the latest version.

Credit

This security issue was discovered and reported by John Page (hyp3rlinx).

References

  • github.com/advisories/GHSA-2r3v-q9x3-7g46
  • github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-2r3v-q9x3-7g46
  • snyk.io/vuln/SNYK-PHP-SIMPLESAMLPHPSIMPLESAMLPHP-70160

Code Behaviors & Features

Detect and mitigate GMS-2020-602 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 1.14.4

Fixed versions

  • 1.14.4

Solution

Upgrade to version 1.14.4 or above.

Source file

packagist/simplesamlphp/simplesamlphp/GMS-2020-602.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:15:39 +0000.