PT-2020-20969 · Simplesamlphp · Simplesamlphp

Published: 2020-01-24 · Updated: 2020-01-24

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SimpleSAMLphp versions prior to 1.14.4

Description

The issue concerns several scripts in SimpleSAMLphp that display web pages with links obtained from request parameters, enhancing usability by presenting users with links to follow after completing certain actions. However, scripts like www/logout.php and modules/core/www/no_cookie.php did not check URLs obtained via HTTP requests before displaying them as link targets. This allowed attackers to display links to malicious websites within a trusted site running SimpleSAMLphp due to the lack of security checks on the link_href and retryURL HTTP parameters. The issue was resolved by verifying URLs against a whitelist of websites specified in the trusted.url.domains configuration option.

A remote attacker could craft a link pointing to a trusted website running SimpleSAMLphp, including a parameter pointing to a malicious website, attempting to fool the victim into visiting that website by clicking on a link presented by SimpleSAMLphp.

Recommendations

Upgrade to version 1.14.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the www/logout.php and modules/core/www/no_cookie.php scripts until the upgrade is applied. Additionally, ensure the trusted.url.domains configuration option is properly set to minimize the risk of exploitation.
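
The kind of check the fix describes, as an added example (not SimpleSAMLphp's own code): a request-supplied link target is accepted only if it is an absolute http(s) URL whose host exactly matches an allowlist. The function name `checkedLinkTarget`, the `$trustedDomains` array standing in for `trusted.url.domains`, and all hostnames are assumptions made for illustration.

```php
<?php
// Added illustration; names and hosts are hypothetical, not from SimpleSAMLphp.
// Stand-in for the 'trusted.url.domains' option (constructed values).
$trustedDomains = ['sso.example.org', 'app.example.org'];

/** Return the URL if it may be shown as a link target, otherwise null. */
function checkedLinkTarget(string $url, array $trustedDomains): ?string
{
    // Reject control characters, spaces and backslashes that browsers may normalise.
    if (preg_match('/[\x00-\x20\\\\]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // relative, protocol-relative or malformed
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null; // non-web schemes
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null; // userinfo can make an untrusted host look trusted
    }
    // Exact host comparison: no suffix or substring matching.
    if (!in_array(strtolower($parts['host']), $trustedDomains, true)) {
        return null;
    }
    return $url;
}

// Constructed parameter values, as a script might receive them in a request.
$samples = [
    'https://app.example.org/welcome',        // allowed
    'https://evil.example/login',             // host not on the list
    'https://sso.example.org@evil.example/',  // trusted name in userinfo only
    '//evil.example/',                        // protocol-relative
    'https://app.example.org.evil.example/',  // trusted name as a prefix only
];
foreach ($samples as $candidate) {
    // Pre-fix behaviour per the description: $candidate was used as the href unchecked.
    $target = checkedLinkTarget($candidate, $trustedDomains);
    if ($target === null) {
        echo "rejected: $candidate\n";
    } else {
        echo '<a href="' . htmlspecialchars($target, ENT_QUOTES, 'UTF-8') . '">Continue</a>' . "\n";
    }
}
```

Only the first sample is rendered as a link; the other four are rejected before any markup is produced.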

Fix

Special Elements Injection


Weakness Enumeration

Related Identifiers

GHSA-2R3V-Q9X3-7G46

Affected Products

Simplesamlphp