CVE-2017-12869
published 2017-09-01CVE-2017-12869: The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication…
high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | simplesamlphp | < simplesamlphp 1.14.15-1 (bookworm) | simplesamlphp 1.14.15-1 (bookworm) |
| simplesamlphp | simplesamlphp | <= 1.14.13 | — |
| simplesamlphp | simplesamlphp | >= 0 < 1.14.15-1 | 1.14.15-1 |
| simplesamlphp | simplesamlphp | >= 0 < 1.14.15-1 | 1.14.15-1 |
| simplesamlphp | simplesamlphp | >= 0 < 1.14.14 | 1.14.14 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv7.5HIGH