Lucene search

Veracode Vulnerability DatabaseVERACODE:44252

HistoryNov 13, 2023 - 10:27 a.m.

Session Fixation

2023-11-1310:27:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

symfony

session fixation

vulnerable

steal token

impersonate

account access

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

42.1%

JSON

symfony is vulnerable to Session Fixation. An attacker is able to steal session tokens from users of a vulnerable Symfony application. The attacker could then use the stolen session tokens to impersonate the users and access their accounts.

References

github.com/symfony/symfony/commit/7467bd7e3f888b333102bc664b5e02ef1e7f88b9

github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74

github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

42.1%

JSON

Related for VERACODE:44252