User Authentication Vulnerability in Symfony Framework
CVE-2019-10911

7.5 HIGH

Key Information:

Vendor: Sensiolabs
Status
Vendor
CVE Published: 16 May 2019

Summary

A vulnerability in the Symfony Framework allows an attacker to authenticate as a privileged user. It primarily affects sites that offer both user registration and 'remember me' login functionality. The flaw is rooted in the handling of the remember me cookie and compromises the integrity of user sessions. Affected versions include Symfony 2.7 through 2.7.50, 2.8.x through 2.8.49, 3.x through 3.4.25, 4.x through 4.1.11, and 4.2.x through 4.2.6. Mitigate by updating to the latest secure versions to prevent unauthorized access.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
