CVE-2017-12873
CRITICAL 9.8 | EPSS 0.73% | Incorrect persistent NameID generation in SimpleSAMLphp
Published: 2020/1/24 | Modified: 2026/4/28
Description
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Affected packages (2)
- Debian/simplesamlphp: from 0, < 1.14.11-1
- Packagist/simplesamlphp/simplesamlphp: >= 1.7.0, < 1.14.11
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2017-12873
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2017-12873
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-12873.yaml
- WEB: https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953
- WEB: https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-gp2m-7cfp-h6gf
- WEB: https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html
- WEB: https://simplesamlphp.org/security/201612-04
- WEB: https://www.debian.org/security/2018/dsa-4127