CVE-2024-27915

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-27915
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27915.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-27915
Aliases
Published
2024-03-06T20:15:47Z
Modified
2024-10-12T11:21:15.535508Z
Summary
[none]
Details

Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to vendor/symfony/security-http/HttpUtils.php manually or avoid installing symfony/security-http versions greater equal than v5.4.30 or v6.3.6.

References

Affected packages

Git / github.com/sulu/sulu

Affected ranges

Type
GIT
Repo
https://github.com/sulu/sulu
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.0
0.1.1
0.10.0
0.10.1
0.11.0
0.11.1
0.11.2
0.12.0
0.13.0
0.13.1
0.13.2
0.14.0
0.14.1
0.14.2
0.15.0
0.15.1
0.15.2
0.15.3
0.16.0
0.16.1
0.16.2
0.17.0
0.17.0-RC1
0.17.0-RC2
0.18.0
0.18.1
0.18.2
0.2.0
0.3.0
0.4.0
0.5.0
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.7.0
0.7.1
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.9.0

1.*

1.0.0
1.0.0-RC1
1.0.0-RC2
1.0.0-RC3
1.0.1
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.1
1.1.10
1.1.11
1.1.12
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.2.0
1.2.0-RC1
1.2.0-RC2
1.2.0-RC3
1.2.0-RC4
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.3.0
1.3.0-RC1
1.3.0-RC2
1.3.0-RC3
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.4.0
1.4.0-RC1
1.4.0-RC2
1.4.1
1.4.10
1.4.11
1.4.12
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.5.0
1.5.0-RC1
1.5.0-RC2
1.5.0-RC3
1.5.1
1.5.10
1.5.11
1.5.12
1.5.13
1.5.14
1.5.15
1.5.16
1.5.17
1.5.18
1.5.19
1.5.2
1.5.20
1.5.21
1.5.22
1.5.23
1.5.24
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.6.0
1.6.0-RC1
1.6.1
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
1.6.18
1.6.19
1.6.2
1.6.20
1.6.21
1.6.22
1.6.23
1.6.24
1.6.25
1.6.26
1.6.27
1.6.28
1.6.29
1.6.3
1.6.30
1.6.31
1.6.32
1.6.33
1.6.34
1.6.35
1.6.36
1.6.37
1.6.38
1.6.39
1.6.4
1.6.40
1.6.41
1.6.42
1.6.43
1.6.44
1.6.45
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9

2.*

2.0.0
2.0.0-RC1
2.0.0-RC2
2.0.0-RC3
2.0.0-alpha1
2.0.0-alpha2
2.0.0-alpha3
2.0.0-alpha4
2.0.0-alpha5
2.0.0-alpha6
2.0.1
2.0.10
2.0.11
2.0.12
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.0-RC1
2.1.0-RC2
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.2.0-RC1
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.2.17
2.2.18
2.2.19
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.0-RC1
2.3.0-RC2
2.3.1
2.3.10
2.3.11
2.3.12
2.3.13
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.0-RC1
2.4.1
2.4.10
2.4.11
2.4.12
2.4.13
2.4.14
2.4.15
2.4.16
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9