Open Redirect Flaw in SimpleSAMLphp by SimpleSAML
CVE-2018-6520

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 2 February 2018

What is CVE-2018-6520?

A security flaw in SimpleSAMLphp prior to version 1.15.2 enables remote attackers to bypass the application's open redirect protection. By crafting specific authority data in a URL, attackers can redirect users to potentially malicious sites without the user's consent, posing significant risks to authentication processes and user safety. This vulnerability highlights the importance of robust input validation mechanisms in web applications.

References

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
