BIT-symfony-2021-32693

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/symfony/BIT-symfony-2021-32693.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-symfony-2021-32693
Aliases
Published
2024-03-06T11:08:04.988Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the firewalls was available for all other firewalls. This could be abused when the application defines different providers for each part of the application, in such a situation, a user authenticated on a part of the application could be considered authenticated on the rest of the application. Starting in version 5.3.2, a patch ensures that the authenticated token is only available for the firewall that generates it.

Database specific
{
    "cpes": [
        "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / symfony

Package

Name
symfony
Purl
pkg:bitnami/symfony

Severity

  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
5.3.0
Fixed
5.3.2