
GHSA-4vpc-5jx4-cfqg

Published: 02 Dec 2019
Source: github
Github: Reviewed
CVSS3: 5.3

Description

User enumeration leak using switch user functionality in Symfony

An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security.

Packages

| Name | Ecosystem | Affected versions | Fixed version |
|---|---|---|---|
| symfony/security-http | composer | >= 4.1.0, < 4.2.12 | 4.2.12 |
| symfony/security-http | composer | >= 4.3.0, < 4.3.8 | 4.3.8 |
| symfony/symfony | composer | >= 4.1.0, < 4.2.12 | 4.2.12 |
| symfony/symfony | composer | >= 4.3.0, < 4.3.8 | 4.3.8 |

EPSS: 0.01546 (Low), percentile: 81%

CVSS3: 5.3 Medium

Weaknesses

CWE-200
CWE-203

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 5 years ago

An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security.

CVSS3: 5.3
nvd
more than 5 years ago

An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security.

CVSS3: 5.3
debian
more than 5 years ago

An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. ...
