Vulnerability CVE-2020-5225

Vulnerability Name:

CVE-2020-5225 (CCN-175520)

Assigned:

2020-01-24

Published:

2020-01-24

Updated:

2020-01-31

Summary:

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.

CVSS v3 Severity:

5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

2.9 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
2.6 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

1.2 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-532

Vulnerability Consequences:

Data Manipulation

References:

Source: MITRE
Type: CNA
CVE-2020-5225

Source: XF
Type: UNKNOWN
simplesaml-cve20205225-log-injection(175520)

Source: CCN
Type: simplesamlphp GitHub Web site
Log injection

Source: CONFIRM
Type: Third Party Advisory
https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww

Source: CCN
Type: SimpleSAMLphp Security Advisory 202001-02
Log injection

Source: MISC
Type: Vendor Advisory
https://simplesamlphp.org/security/202001-02

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-5225

Vulnerable Configuration:

Configuration 1:

cpe:/a:simplesamlphp:simplesamlphp:*:*:*:*:*:*:*:* (Version < 1.18.4)

Configuration CCN 1:

cpe:/a:simplesamlphp:simplesamlphp:1.16.0:*:*:*:*:*:*:*

OR cpe:/a:simplesamlphp:simplesamlphp:1.16.1:*:*:*:*:*:*:*

OR cpe:/a:simplesamlphp:simplesamlphp:1.16.2:*:*:*:*:*:*:*

OR cpe:/a:simplesamlphp:simplesamlphp:1.17.0:-:*:*:*:*:*:*

OR cpe:/a:simplesamlphp:simplesamlphp:1.17.1:*:*:*:*:*:*:*

OR cpe:/a:simplesamlphp:simplesamlphp:1.17.2:*:*:*:*:*:*:*

OR cpe:/a:simplesamlphp:simplesamlphp:1.17.3:*:*:*:*:*:*:*

OR cpe:/a:simplesamlphp:simplesamlphp:1.17.4:*:*:*:*:*:*:*

OR cpe:/a:simplesamlphp:simplesamlphp:1.17.5:*:*:*:*:*:*:*

OR cpe:/a:simplesamlphp:simplesamlphp:1.17.6:*:*:*:*:*:*:*

OR cpe:/a:simplesamlphp:simplesamlphp:1.17.7:*:*:*:*:*:*:*

OR cpe:/a:simplesamlphp:simplesamlphp:1.18.0:rc1:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.bionic:def:202052250000000	V	CVE-2020-5225 on Ubuntu 18.04 LTS (bionic) - medium.	2020-01-24
oval:com.ubuntu.xenial:def:202052250000000	V	CVE-2020-5225 on Ubuntu 16.04 LTS (xenial) - medium.	2020-01-24

BACK