PT-2019-7877 · Symfony · Symfony

Xabbuh

Publicado

2019-05-23

Atualizado

2022-05-24

CVE-2017-11365

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Symfony versions 2.7.30, 2.8.23, 3.2.10, and 3.3.3

Description The issue is related to incorrect access control, which can be exploited remotely. It affects the password validator component.

Recommendations For Symfony version 2.7.30, update to a version that includes the fix for this issue. For Symfony version 2.8.23, update to a version that includes the fix for this issue. For Symfony version 3.2.10, update to a version that includes the fix for this issue. For Symfony version 3.3.3, update to a version that includes the fix for this issue.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2017-11365

GHSA-Q87V-Q8FW-GMJ5

Produtos afetados

Symfony

PT-2019-7877 · Symfony · Symfony

CVE-2017-11365

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14