PT-2024-34151 · Symfony+2 · Symfony/Securitybundle+2

94Noni · Published 2024-11-06 · Updated 2025-02-18 · CVE-2024-50341

CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
symfony/security-bundle versions prior to 6.4.10
symfony/security-bundle versions prior to 7.0.10
symfony/security-bundle versions prior to 7.1.3
Description: The custom user checker defined on a firewall is not called when logging in programmatically with the Security::login method, leading to unwanted login.
Recommendations: For versions prior to 6.4.10, upgrade to version 6.4.10 or later. For versions prior to 7.0.10, upgrade to version 7.0.10 or later. For versions prior to 7.1.3, upgrade to version 7.1.3 or later.
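
For applications that cannot upgrade immediately, the sketch below runs the user checker explicitly before the programmatic login. It is an added example, not code from Symfony or from this advisory; the namespace, the class name and the assumption that the container injects the same checker configured under the firewall's user_checker key are all hypothetical.

```php
<?php
// Added example: interim guard around Security::login for unpatched
// symfony/security-bundle versions. Not Symfony's own code or fix.

namespace App\Security; // hypothetical namespace

use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;

final class CheckedProgrammaticLogin // hypothetical service name
{
    public function __construct(
        private readonly Security $security,
        // Assumption: service wiring injects the custom checker that the
        // firewall declares under its `user_checker` option.
        private readonly UserCheckerInterface $userChecker,
    ) {
    }

    /**
     * Use this in place of a direct Security::login() call.
     */
    public function login(
        UserInterface $user,
        ?string $authenticatorName = null,
        ?string $firewallName = null,
    ): ?Response {
        // A custom checker signals rejection (disabled, banned or
        // unverified account, for instance) by throwing an
        // AccountStatusException. The exception propagates to the
        // caller, so Security::login() is never reached for that user.
        $this->userChecker->checkPreAuth($user);

        return $this->security->login($user, $authenticatorName, $firewallName);
    }
}
```

Remove the wrapper after upgrading to a fixed release so the checker is not invoked twice per login.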

Exploit

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2024-50341
GHSA-JXGR-3V7Q-3W9V
USN-7272-1

Affected Products

Linuxmint
Ubuntu
Symfony/Securitybundle