CVE-2024-50341
CVSS V2 None
CVSS V3 None
Description
symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when Login Programmaticaly with the `Security::login` method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3 the `Security::login` method now ensure to call the configured `user_checker`. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Overview
- CVE ID
- CVE-2024-50341
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-06T21:06:49.426Z
- Last Modified Date
- 2024-11-06T21:07:11.065Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v | x_refsource_CONFIRM |
| https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-50341 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50341 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-07 13:25:42 | Added to TrackCVE |