CVE-2022-24894 Symfony storing cookie headers in HttpCache

2023-02-0321:46:23

CWE-285

GitHub_M

www.cve.org

symfony

http cache

cookie header

vulnerability

patched

branch 4.4

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

55.8%

JSON

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the AbstractSessionListener, the response might contain a Set-Cookie header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim’s session. This issue has been patched and is available for branch 4.4.

CNA Affected

[
  {
    "vendor": "symfony",
    "product": "symfony",
    "versions": [
      {
        "version": ">= 2.0.0, < 4.4.50",
        "status": "affected"
      },
      {
        "version": ">= 5.0.0, < 5.4.20",
        "status": "affected"
      },
      {
        "version": ">= 6.0.0, < 6.0.20",
        "status": "affected"
      },
      {
        "version": ">= 6.1.0, < 6.1.12",
        "status": "affected"
      },
      {
        "version": ">= 6.2.0, < 6.2.6",
        "status": "affected"
      }
    ]
  }
]