UBUNTU-CVE-2024-51996

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-51996

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-51996.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-51996

Related

CVE-2024-51996

Published

2024-11-13T17:15:00Z

Modified

2024-11-20T12:17:08Z

Summary

[none]

Details

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8.

References

Affected packages

Ubuntu:Pro:16.04:LTS / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.1+dfsg-1

2.7.5+dfsg-1

2.7.9+dfsg-1

2.7.9+dfsg-1ubuntu2

2.7.10-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.7+dfsg-1.3ubuntu1

3.*

3.4.3+dfsg-1ubuntu4

3.4.6+dfsg-1

3.4.6+dfsg-1ubuntu0.1

3.4.6+dfsg-1ubuntu0.1+esm1

3.4.6+dfsg-1ubuntu0.1+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.4+dfsg-1ubuntu1

4.3.8+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.2.6+dfsg-1ubuntu7

5.4.4+dfsg-1ubuntu8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.5+dfsg-3ubuntu3

6.4.10+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / symfony

Package

Name: symfony
Purl: pkg:deb/ubuntu/symfony?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.23+dfsg-1ubuntu1

5.4.35+dfsg-3ubuntu1

6.*

6.4.5+dfsg-3ubuntu2

6.4.5+dfsg-3ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}