Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8.
Metrics
Affected Vendors & Products
References
History
Wed, 13 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Symphony Php Framework
Symphony Php Framework symphony Process |
|
CPEs | cpe:2.3:a:symphony_php_framework:symphony_process:*:*:*:*:*:*:*:* | |
Vendors & Products |
Symphony Php Framework
Symphony Php Framework symphony Process |
|
Metrics |
ssvc
|
Wed, 13 Nov 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8. | |
Title | Symphony has an Authentication Bypass via RememberMe | |
Weaknesses | CWE-287 CWE-289 |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-13T16:18:49.473Z
Updated: 2024-11-13T18:49:31.776Z
Reserved: 2024-11-04T17:46:16.776Z
Link: CVE-2024-51996
Vulnrichment
Updated: 2024-11-13T18:48:56.818Z
NVD
Status : Awaiting Analysis
Published: 2024-11-13T17:15:11.870
Modified: 2024-11-15T14:00:09.720
Link: CVE-2024-51996
Redhat
No data.