Skip to content

Commit 25987be

Browse files
tvdijentvdijen
committed
deploy: 1440a1e 
1 parent 4103cdc commit 25987be

3 files changed

Lines changed: 124 additions & 2 deletions

File tree

feed.xml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,8 +5,8 @@
55
<description>SimpleSAMLphp** is an award-winning application written in native PHP that deals with authentication. It implements support for multiple protocols, most notably SAML, OpenID or OAuth.</description>
66
<link>https://simplesamlphp.org/</link>
77
<atom:link href="https://simplesamlphp.org/feed.xml" rel="self" type="application/rss+xml"/>
8-
<pubDate>Mon, 02 Dec 2024 00:23:33 +0000</pubDate>
9-
<lastBuildDate>Mon, 02 Dec 2024 00:23:33 +0000</lastBuildDate>
8+
<pubDate>Mon, 02 Dec 2024 10:25:14 +0000</pubDate>
9+
<lastBuildDate>Mon, 02 Dec 2024 10:25:14 +0000</lastBuildDate>
1010
<generator>Jekyll v4.2.1</generator>
1111

1212
<item>

security/202412-01.html

Lines changed: 118 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,118 @@
1+
<!DOCTYPE html>
2+
<html lang="en">
3+
<head>
4+
<meta http-equiv="content-type" content="text/html; charset=utf-8">
5+
<meta name="google-site-verification" content="2S8M18BgYs8cLRL6ClTrfW_xGxfFtMZu2b2jhjrNlss">
6+
7+
<meta http-equiv="X-UA-Compatible" content="IE=edge">
8+
<meta name="viewport" content="width=device-width, initial-scale=1">
9+
10+
<title>SSPSA 202412-01: XXE in parsing SAML messages - SimpleSAMLphp</title>
11+
<meta name="description" content="SimpleSAMLphp** is an award-winning application written in native PHP that deals with authentication. It implements support for multiple protocols, most notably SAML, OpenID or OAuth.">
12+
13+
<link rel="stylesheet" href="/res/css/style.css">
14+
<link rel="stylesheet" href="/res/css/layout.css">
15+
<link rel="canonical" href="https://simplesamlphp.org/security/202412-01.html">
16+
<link rel="alternate" type="application/rss+xml" title="SimpleSAMLphp" href="https://simplesamlphp.org/feed.xml">
17+
</head>
18+
19+
<body>
20+
<!-- Red logo header -->
21+
<header>
22+
<div id="header">
23+
<div class="right">
24+
<form class="searchbox" method="get" action="https://www.google.com/cse">
25+
<input type="hidden" name="cx" value="004202914224971217557:8ks4jjstupq">
26+
<input type="hidden" name="siteurl" value="www.google.com/cse/home?cx=004202914224971217557:8ks4jjstupq">
27+
<input type="hidden" name="adkw" value="AELymgVJ6Sk-kOvUjbxvgShTLwiFlma2evFuVCh0r8q23vn_4eVnkcdnPfbgMvYUTpJpVlb-KkGAKkbn0i-AlWHsVRR9O0J4CNb6cXFkEKRdjXxsC_NlVD4">
28+
<input type="search" name="q" placeholder="Search" value="">
29+
</form>
30+
</div>
31+
<div class="v-center logo-header">
32+
<div id="logo">
33+
<a href="https://simplesamlphp.org">
34+
<span class="simple">Simple</span>
35+
<span class="saml">SAML</span>
36+
<span class="simple">php</span>
37+
</a>
38+
</div>
39+
</div>
40+
41+
</div>
42+
43+
<!-- Grey header bar below -->
44+
<nav>
45+
<div id="headerbar">
46+
<p id="breadcrumb"><a href="https://simplesamlphp.org">Home</a> » SSPSA 202412-01: XXE in parsing SAML messages</p>
47+
<div class="mtoolbar">
48+
<div class="menuitem first">
49+
<a href="/download">Download</a>
50+
</div>
51+
<div class="menuitem">
52+
<a href="/docs">Documentation</a>
53+
</div>
54+
<div class="menuitem">
55+
<a href="/security">Security</a>
56+
</div>
57+
<div class="menuitem">
58+
<a href="/modules/">Modules</a>
59+
</div>
60+
<div class="menuitem">
61+
<a href="/support/">Support</a>
62+
</div>
63+
<div class="menuitem last">
64+
<a href="/contrib/">Contribute</a>
65+
</div>
66+
</div>
67+
<br style="clear: both; height: 0px; width: 0px">
68+
<br style="height: 0px; clear: both">
69+
</div><!-- /#headerbar -->
70+
</nav>
71+
</header>
72+
73+
<main>
74+
75+
<aside><div class="sidebar-warning right">
76+
<h2>Date</h2>
77+
2 December 2024
78+
<h2>Affected versions</h2>
79+
80+
<code>SimpleSAMLphp 2.3.0 - 2.3.4</code><br />
81+
<code>SimpleSAMLphp 2.2.0 - 2.2.4</code><br />
82+
<code>SimpleSAMLphp 2.1.0 - 2.1.7</code><br />
83+
<code>SimpleSAMLphp 2.0.0 - 2.0.14</code><br />
84+
85+
<code>Any older version</code><br />
86+
<h2>Severity</h2>
87+
High - CVE 8.3
88+
</div></aside>
89+
90+
<h1 id="202412-01">202412-01</h1>
91+
92+
<p><strong>XXE in parsing SAML messages</strong></p>
93+
94+
<h3 id="description">Description</h3>
95+
96+
<p>When loading an (untrusted) XML document, for example the SAMLResponse, it’s possible to induce an XXE.</p>
97+
98+
<h3 id="mitigation">Mitigation:</h3>
99+
100+
<p>Remove the <code class="language-plaintext highlighter-rouge">LIBXML_DTDLOAD | LIBXML_DTDATTR</code> options from <code class="language-plaintext highlighter-rouge">$options</code> is in: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41</p>
101+
102+
<h3 id="background--details">Background / details</h3>
103+
104+
<p>To be published on Dec 8th</p>
105+
106+
<h3 id="credit">Credit</h3>
107+
108+
<p>This vulnerability was discovered and reported by ahacker1-securesaml on November 18, 2024.
109+
It is registered under CVE-2024-52596.</p>
110+
111+
</main>
112+
113+
<footer>
114+
<img class="logo" src="/res/ssplogo-fish-2.svg" alt="">
115+
</footer>
116+
117+
</body>
118+
</html>

sitemap.xml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -129,6 +129,10 @@
129129
<loc>https://simplesamlphp.org/security/202309-01.html</loc>
130130
</url>
131131

132+
<url>
133+
<loc>https://simplesamlphp.org/security/202412-01.html</loc>
134+
</url>
135+
132136
<url>
133137
<loc>https://simplesamlphp.org/404.html</loc>
134138
</url>

0 commit comments

Comments
 (0)