Lucene search

K

Veracode Vulnerability DatabaseVERACODE:39314

HistoryFeb 17, 2023 - 6:39 a.m.

Improper Authorization

2023-02-1706:39:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

26

symfony

vulnerability

store.php

http cache system

headers

attacker

session

EPSS

0.002

Percentile

55.8%

Symfony is vulnerable to Improper Authorization. The vulnerability exists in Store.php because the HTTP cache system stores all headers, which can potentially be stored and then subsequently returned to other clients, which would allow an attacker to retrieve the victim’s session.

References

github.com/advisories/GHSA-h7vf-5wrv-9fhv

github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml

github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml

github.com/symfony/http-kernel/commit/f7822a7c63681e6ad4cadb8f8c2943c9bc2d3e9a

github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb

github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv

lists.debian.org/debian-lts-announce/2023/07/msg00014.html

symfony.com/blog/cve-2022-24894-prevent-storing-cookie-headers-in-httpcache

EPSS

0.002

Percentile

55.8%

Related for VERACODE:39314

debiancve1 osv4 cve1 ubuntucve1 nvd1 friendsofphp2 github1 cvelist1 prion1 symfony1 fedora2 openvas4 nessus3 redos1 debian1