What is the severity of CVE-2020-5225?

The severity of CVE-2020-5225 is medium with a CVSS score of 5.4.

How does CVE-2020-5225 affect SimpleSAMLphp?

CVE-2020-5225 affects SimpleSAMLphp versions up to 1.18.4.

What is log injection?

Log injection is a vulnerability where an attacker can inject malicious data into log files to manipulate or disrupt the logging process.

What is the impact of CVE-2020-5225?

The impact of CVE-2020-5225 allows an attacker, under specific circumstances, to inject arbitrary log entries and potentially escalate their privileges.

How can I fix CVE-2020-5225?

To fix CVE-2020-5225, update SimpleSAMLphp to version 1.18.4 or later.

Vulnerability/
CVE-2020-5225

medium

5.5

CWE

532

24/1/2020

4/8/2024

CVE-2020-5225: Log injection in SimpleSAMLphp

First published: Fri Jan 24 2020(Updated: )

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
SimpleSAMLphp	<1.18.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-5225?
The severity of CVE-2020-5225 is medium with a CVSS score of 5.4.
How does CVE-2020-5225 affect SimpleSAMLphp?
CVE-2020-5225 affects SimpleSAMLphp versions up to 1.18.4.
What is log injection?
Log injection is a vulnerability where an attacker can inject malicious data into log files to manipulate or disrupt the logging process.
What is the impact of CVE-2020-5225?
The impact of CVE-2020-5225 allows an attacker, under specific circumstances, to inject arbitrary log entries and potentially escalate their privileges.
How can I fix CVE-2020-5225?
To fix CVE-2020-5225, update SimpleSAMLphp to version 1.18.4 or later.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/title
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/simplesamlphp
canonical/simplesamlphp

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.