CVE 2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/
See the
CVE page on Mitre.org
for more details.