CVE-2020-5301

Severity: LOW 3.0, EPSS 0.14%

Information disclosure of source code in SimpleSAMLphp

Published: 2020/4/22, modified: 2026/3/13

Description

### Background

The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists, it presents the file to the browser.

### Description

The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser.

### Affected versions

SimpleSAMLphp versions **1.18.5 and older**.

### Impact

An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows.

### Resolution

Upgrade the SimpleSAMLphp installation to version **1.18.6**.

### Credit

This vulnerability was discovered and reported by Sławek Naczyński.
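The following is an added example, not SimpleSAMLphp's own code: it models the dispatch decision described above (lowercase-only `.php` test versus the case-insensitive fix, on a case-sensitive and a case-insensitive file system) and adds a defender-side check that flags requests with a mixed-case `.php` extension in web-server access logs. The module file names and the log lines are constructed.

```python
"""Model of the CVE-2020-5301 dispatch flaw plus an access-log check (added example).

The controller resolves a module file, then decides whether to execute it as PHP
or send its bytes. On a case-insensitive file system the lookup succeeds for
'x.PHP', but a lowercase-only '.php' suffix test fails, so the source is sent.
"""
import re
from typing import Iterable, List, Optional

# Constructed in-memory module directory (stands in for the module's on-disk files).
MODULE_FILES = {"core/loginuserpass.php", "core/logo.png"}


def resolve(path: str, case_insensitive: bool) -> Optional[str]:
    """Return the stored file name the file system would open for `path`, or None."""
    if path in MODULE_FILES:
        return path
    if case_insensitive:  # e.g. NTFS on Windows
        for name in MODULE_FILES:
            if name.lower() == path.lower():
                return name
    return None


def dispatch(path: str, case_insensitive: bool, fixed: bool) -> str:
    """Return '404', 'execute' (run as PHP) or 'serve_raw' (send the file bytes)."""
    if resolve(path, case_insensitive) is None:
        return "404"
    # Vulnerable: only a lowercase '.php' counts. Fixed: compare the suffix case-insensitively.
    is_php = path.lower().endswith(".php") if fixed else path.endswith(".php")
    return "execute" if is_php else "serve_raw"


REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/')


def find_mixed_case_php_requests(log_lines: Iterable[str]) -> List[str]:
    """Return request paths whose extension is '.php' in anything but all-lowercase."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group(1).split("?", 1)[0]  # drop the query string
        if path.lower().endswith(".php") and not path.endswith(".php"):
            hits.append(path)
    return hits


# Constructed access-log lines in Apache combined format.
SAMPLE_LOG = [
    '10.0.0.5 - - [22/Apr/2020:10:00:01 +0000] "GET /simplesaml/module.php/core/loginuserpass.php HTTP/1.1" 200 512',
    '10.0.0.5 - - [22/Apr/2020:10:00:07 +0000] "GET /simplesaml/module.php/core/loginuserpass.PHP HTTP/1.1" 200 2048',
    '10.0.0.9 - - [22/Apr/2020:10:00:09 +0000] "GET /simplesaml/module.php/core/logo.png HTTP/1.1" 200 900',
]
```

A hit with a `200` status on a Windows-hosted instance older than 1.18.6 is the signal worth reviewing; on a case-sensitive file system the same request returns `404`.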

Affected packages (1)

CVSS score

| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW 3.0 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N |

References (6)