CVE-2022-24895

2023-02-0322:15:11

Debian Security Bug Tracker

security-tracker.debian.org

symfony

php framework

session id regeneration

csrf token

bypass

4.4 branch

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

54.0%

JSON

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch.

OSVersionArchitecturePackageVersionFilename
Debian12allsymfony< 5.4.20+dfsg-1symfony_5.4.20+dfsg-1_all.deb
Debian11allsymfony< 4.4.19+dfsg-2+deb11u2symfony_4.4.19+dfsg-2+deb11u2_all.deb
Debian999allsymfony< 5.4.20+dfsg-1symfony_5.4.20+dfsg-1_all.deb
Debian13allsymfony< 5.4.20+dfsg-1symfony_5.4.20+dfsg-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	symfony	< 5.4.20+dfsg-1	symfony_5.4.20+dfsg-1_all.deb
Debian	11	all	symfony	< 4.4.19+dfsg-2+deb11u2	symfony_4.4.19+dfsg-2+deb11u2_all.deb
Debian	999	all	symfony	< 5.4.20+dfsg-1	symfony_5.4.20+dfsg-1_all.deb
Debian	13	all	symfony	< 5.4.20+dfsg-1	symfony_5.4.20+dfsg-1_all.deb