Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseGHSA-ppm4-r2vc-pg74
GHSA-ppm4-r2vc-pg74:
PHP vulnerability analysis and mitigation
Overview
SimpleSAMLphp versions 1.17.0 through 1.17.7 contained an information disclosure vulnerability in the new user interface preview feature. The vulnerability was discovered on November 19, 2019, affecting the admin module when the new experimental user interface was enabled. This security issue allowed unauthorized access to system information through an unprotected phpinfo() endpoint (SimpleSAMLphp Advisory).
Technical details
The vulnerability existed in the admin module's new interface, which included functionality to view host information using the PHP phpinfo() function. The endpoint exposing this function lacked proper authentication checks for administrator privileges, allowing unauthenticated access to sensitive system information. The vulnerability has been assigned a CVSS v3.1 score of 5.9 (Moderate) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network vector attack with high complexity and potential for high confidentiality impact (GitHub Advisory).
Impact
An attacker could exploit this vulnerability to gather intelligence about the host system where SimpleSAMLphp is deployed, potentially using this information for further attacks. However, the impact was considered low due to two prerequisite conditions: the new user interface had to be explicitly enabled via the usenewui configuration option, and the admin module needed to be enabled (SimpleSAMLphp Advisory).
Mitigation and workarounds
The vulnerability was patched in SimpleSAMLphp version 1.17.8. Users can mitigate the issue by either upgrading to version 1.17.8 or later, disabling the new user interface by setting usenewui configuration option to false, or disabling the admin module in the configuration. The fix implemented proper authentication checks requiring admin privileges for accessing the phpinfo endpoint (SimpleSAMLphp Advisory, GitHub Commit).
Community reactions
The vulnerability was responsibly disclosed by security researcher Dirk-jan Mollema on November 19, 2019, and was promptly addressed by the SimpleSAMLphp team (SimpleSAMLphp Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management