Lucene search

Veracode Vulnerability DatabaseVERACODE:39302

HistoryFeb 16, 2023 - 9:55 a.m.

Session Fixation

2023-02-1609:55:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

symfony software session fixation unauthorized access vulnerability validations attacker security.xml

EPSS

0.002

Percentile

54.0%

JSON

symfony is vulnerable to Session Fixation.The vulnerability exists due to the lack of validations in security.xml, which allows an attacker to gain unauthorized access to an account.

References

github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml

github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml

github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946

github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4

github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m

lists.debian.org/debian-lts-announce/2023/07/msg00014.html

symfony.com/blog/cve-2022-24895-csrf-token-fixation

EPSS

0.002

Percentile

54.0%

JSON

Related for VERACODE:39302