Home > Vulnerability Database > WS-2018-0227

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

WS-2018-0227

Good to know:

Date: December 20, 2018

Simplesamlphp, before 1.16.3, has a Credentials exposure in session storage vulnerability.

Language: PHP

Severity Score

4.9

Related Resources (3)

Url: https://simplesamlphp.org/security/201812-01

Url: https://github.com/simplesamlphp/simplesamlphp/commit/44d1e3052930d93f0f554c25bc7c7602f8136880

Url: https://www.mend.io/vulnerability-database/WS-2018-0227

Severity Score

4.9

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

Top Fix

Upgrade Version

Upgrade to version simplesamlphp/saml2 - v1.9;simplesamlphp/saml2 - v1.9.1;simplesamlphp/saml2 - v1.8.1;simplesamlphp/saml2 - dev-condition-2;simplesamlphp/saml2 - v1.10;simplesamlphp/saml2 - v1.6.0;simplesamlphp/saml2 - v1.5.1;simplesamlphp/saml2 - dev-release-1.8.x;simplesamlphp/saml2 - v1.6.1;simplesamlphp/saml2 - v1.7.0;simplesamlphp/saml2 - dev-release-1.9.x;simplesamlphp/saml2 - v1.9.2;simplesamlphp/saml2 - v1.5.0;simplesamlphp/saml2 - v1.8.2;simplesamlphp/saml2 - v1.8;simplesamlphp/simplesamlphp - dev-dependabot/composer/simplesamlphp/xml-common-1.16.0;simplesamlphp/simplesamlphp - dev-dependabot/composer/simplesamlphp/xml-common-1.16.1;simplesamlphp/simplesamlphp - dev-dependabot/npm_and_yarn/jquery-ui-1.13.0;simplesamlphp/simplesamlphp - 1.16.3;simplesamlphp/simplesamlphp - simplesamlphp-1.12.0;helsingborg-stad/municipio - v1.0.2;helsingborg-stad/municipio - dev-dependabot/npm_and_yarn/hosted-git-info-2.8.9;helsingborg-stad/municipio - dev-feat/2iqOr200iq;helsingborg-stad/municipio - v1.0.0-alpha;helsingborg-stad/municipio - dev-dependabot/npm_and_yarn/loader-utils-2.0.4;madmatt/simplesamlphp - dev-master;madmatt/simplesamlphp - no_fix;tvdijen/simplesamlphp - dev-validUntilcacheDuration;linkid/linkid-sdk - 2.0;madmatt/saml2 - dev-release-2.x;madmatt/saml2 - v1.6.1;madmatt/saml2 - v1.5.0;madmatt/saml2 - v1.6.0;madmatt/saml2 - v1.5.1;madmatt/saml2 - v1.7.0;rozmarbeka/saml2 - v1.6.1;rozmarbeka/saml2 - v1.6.0;rozmarbeka/saml2 - v1.5.1;rozmarbeka/saml2 - v1.10;rozmarbeka/saml2 - dev-release-2.x;rozmarbeka/saml2 - v1.5.0;rozmarbeka/saml2 - v1.8;rozmarbeka/saml2 - v1.7.0;rozmarbeka/saml2 - v1.9;ym-careers/simplesamlphp - dev-release/v.1.0.7;ym-careers/simplesamlphp - no_fix;ym-careers/simplesamlphp - dev-feature/update-saml2-version;ym-careers/simplesamlphp - dev-feature/twigphp-twig-vulnerability-updates;ym-careers/simplesamlphp - dev-release/v1.0.6;simplesamlphp/simplesamlphp-module-ldap - v1.14.9;kosolution/simplesamlphp - no_fix;pi/pi - 2.5.0;temp/saml2 - no_fix;rozmarbeka/simplesamlphp - v1.13.0;rozmarbeka/simplesamlphp - dev-master;rozmarbeka/simplesamlphp - simplesamlphp-1.12.0;rozmarbeka/simplesamlphp - v1.14.0;srce/simplesamlphp-aai - dev-master

Learn More

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2018-0227

Good to know:

Date: December 20, 2018

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?