CVE-2020-5301
LOW3.0EPSS 0.14%Information disclosure of source code in SimpleSAMLphp
Description
### Background The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. ### Description The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. ### Affected versions SimpleSAMLphp versions **1.18.5 and older**. ### Impact An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. ### Resolution Upgrade the SimpleSAMLphp installation to version **1.18.6**. ### Credit This vulnerability was discovered and reported by Sławek Naczyński.
Affected packages (1)
- Packagist/simplesamlphp/simplesamlphpfrom 0, < 1.18.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.0 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-5301
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2020-5301.yaml
- WEBhttps://github.com/simplesamlphp/simplesamlphp
- WEBhttps://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e
- WEBhttps://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq
- WEBhttps://simplesamlphp.org/security/202004-01