Description

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when Login Programmaticaly with the `Security::login` method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3 the `Security::login` method now ensure to call the configured `user_checker`. All users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-11-06T21:06:49.426Z

Last Modified :

2024-11-07T15:27:06.600Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-50341 vulnerability.

Vendors Products
Symfony
  • Symfony
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50341.

URL Resource
https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105 cve-icon cve-icon
https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact