CVE-2017-12873
Published: 1 September 2017
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Priority
Status
Package | Release | Status |
---|---|---|
simplesamlphp | artful | Not vulnerable (1.14.15-1) |
simplesamlphp | bionic | Not vulnerable (1.14.15-1) |
simplesamlphp | cosmic | Not vulnerable (1.14.15-1) |
simplesamlphp | disco | Not vulnerable (1.14.15-1) |
simplesamlphp | eoan | Not vulnerable (1.14.15-1) |
simplesamlphp | focal | Not vulnerable (1.14.15-1) |
simplesamlphp | groovy | Not vulnerable (1.14.15-1) |
simplesamlphp | hirsute | Not vulnerable (1.14.15-1) |
simplesamlphp | impish | Not vulnerable (1.14.15-1) |
simplesamlphp | jammy | Not vulnerable (1.14.15-1) |
simplesamlphp | kinetic | Not vulnerable (1.14.15-1) |
simplesamlphp | lunar | Not vulnerable (1.14.15-1) |
simplesamlphp | mantic | Not vulnerable (1.14.15-1) |
simplesamlphp | noble | Not vulnerable (1.14.15-1) |
simplesamlphp | trusty | Does not exist (trusty was needed) |
simplesamlphp | upstream | Released (1.14.15-1) |
simplesamlphp | xenial | Needed |
simplesamlphp | zesty | Ignored (end of life) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |