PT-2020-18321 · Simplesamlphp · Simplesamlphp

Frederic Vleminckx · Published 2020-01-24 · Updated 2020-01-31 · CVE-2020-5225

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SimpleSAMLphp versions up to 1.18.3

Description

The issue concerns log injection in SimpleSAMLphp. The www/errorreport.php script did not properly sanitize the reportID parameter obtained from the request, allowing an attacker to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. This allows a malicious user to inject new log lines with arbitrary content by injecting newline characters into the reportID parameter. The attack surface is considered small, as the attack will only work with the file logging handler, which opens the log file in append-only mode.

Recommendations

Upgrade the SimpleSAMLphp installation to version 1.18.4. As a temporary workaround, consider restricting access to the www/errorreport.php script to minimize the risk of exploitation. Avoid using the reportID parameter in the affected API endpoint until the issue is resolved.
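
The weakness class described above, shown beside a hardened form. This is an added example, not SimpleSAMLphp's own code or its 1.18.4 patch; the function names, the 8-hex-character report ID format and the log line layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: report IDs are 8 lowercase hex characters. \A and \z anchor the
// whole string; a plain `$` would still accept a trailing newline.
const REPORT_ID_PATTERN = '/\A[0-9a-f]{8}\z/';

// Constructed log layout, not the project's real format.
function logPrefix(): string
{
    return date('M d H:i:s') . ' app ERROR: error report received, id=';
}

// Vulnerable form: the request value reaches the log file unchanged.
function formatLogLineUnsafe(string $reportId): string
{
    return logPrefix() . $reportId . "\n";
}

// Allow-list check on the identifier.
function isValidReportId(string $reportId): bool
{
    return preg_match(REPORT_ID_PATTERN, $reportId) === 1;
}

// Defence in depth: render control characters (CR, LF, ...) as visible escapes.
function neutralizeForLog(string $value): string
{
    return preg_replace_callback('/[\x00-\x1F\x7F]/', static function (array $m): string {
        return sprintf('\\x%02X', ord($m[0]));
    }, $value) ?? '';
}

// Hardened form: invalid IDs are flagged and can never start a new log line.
function formatLogLineSafe(string $reportId): string
{
    if (!isValidReportId($reportId)) {
        $reportId = '[invalid reportID: ' . neutralizeForLog($reportId) . ']';
    }
    return logPrefix() . $reportId . "\n";
}

// Constructed sample input containing an embedded newline.
$crafted = "deadbeef\nJan 24 10:00:00 app NOTICE: constructed second entry";
printf("unsafe: %d log line(s)\n", substr_count(formatLogLineUnsafe($crafted), "\n"));
printf("safe:   %d log line(s)\n", substr_count(formatLogLineSafe($crafted), "\n"));
echo formatLogLineSafe($crafted);
```

With the constructed input, the unsafe formatter emits two log lines and the hardened one emits a single line with the newline shown as `\x0A`.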

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2020-5225
GHSA-6GC6-M364-85WW

Affected Products

Simplesamlphp