icon

We found results for “

CVE-2024-50341

Date: November 6, 2024

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom "user_checker" defined on a firewall is not called when Login Programmaticaly with the "Security::login" method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3 the "Security::login" method now ensure to call the configured "user_checker". All users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

Severity Score

Weakness Type (CWE)

Improper Authentication

CWE-287

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us