Home > Vulnerability Database > CVE-2021-21424

Mend.io Vulnerability Database

CVE-2021-21424

Good to know:

Date: May 13, 2021

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4.

Language: PHP

Severity Score

5.3

Related Resources (11)

Url: https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-21424

Url: https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M/

Url: https://security-tracker.debian.org/tracker/CVE-2021-21424

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-21424

Url: https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW/

Url: https://www.mend.io/vulnerability-database/CVE-2021-21424

Severity Score

5.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Observable Discrepancy

CWE-203

Top Fix

Upgrade Version

Upgrade to version v3.4.48,v4.4.23,v5.2.8

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-21424

Good to know:

Date: May 13, 2021

Language: PHP

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?