CVE-2017-12873

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-12873

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12873.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-12873

Aliases

GHSA-gp2m-7cfp-h6gf

Downstream

DEBIAN-CVE-2017-12873

DLA-1205-1

DSA-4127-1

UBUNTU-CVE-2017-12873

Published

2017-09-01T21:29:00.593Z

Modified

2025-11-14T05:01:28.508015Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.

References

Affected packages

Git / github.com/simplesamlphp/simplesamlphp

Affected ranges

Type: GIT
Repo: https://github.com/simplesamlphp/simplesamlphp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

90dca835158495b173808273e7df127303b8b953

Affected versions

v1.*

v1.12.0

v1.14.0

v1.14.0-rc1

v1.14.1

v1.14.10

v1.14.2

v1.14.3

v1.14.4

v1.14.5

v1.14.6

v1.14.7

v1.14.8

v1.14.9