CVE-2019-10911
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security.
En Symfony la versión anterior a 2.7.51, versión 2.8.x anterior a 2.8.50, versión 3.x anterior a 3.4.26, versión 4.x anterior a 4.1.12 y versión 4.2.x anterior a 4.2.7, una vulnerabilidad permitiría que un atacante se identifique como un Usuario privilegiado en sitios con registro de usuario y recordar la funcionalidad de inicio de sesión habilitada. Esto está relacionado con Symfony/Seguridad.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-04-07 CVE Reserved
- 2019-05-10 CVE Published
- 2024-05-09 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://www.synology.com/security/advisory/Synology_SA_19_19 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081 | 2021-09-29 |
| URL | Date | SRC |
|---|---|---|
| https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash | 2021-09-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 2.7.0 < 2.7.51 Search vendor "Sensiolabs" for product "Symfony" and version " >= 2.7.0 < 2.7.51" | - |
Affected
| ||||||
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 2.8.0 < 2.8.50 Search vendor "Sensiolabs" for product "Symfony" and version " >= 2.8.0 < 2.8.50" | - |
Affected
| ||||||
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 3.4.0 < 3.4.26 Search vendor "Sensiolabs" for product "Symfony" and version " >= 3.4.0 < 3.4.26" | - |
Affected
| ||||||
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 4.1.0 < 4.1.12 Search vendor "Sensiolabs" for product "Symfony" and version " >= 4.1.0 < 4.1.12" | - |
Affected
| ||||||
| Sensiolabs Search vendor "Sensiolabs" | Symfony Search vendor "Sensiolabs" for product "Symfony" | >= 4.2.0 < 4.2.7 Search vendor "Sensiolabs" for product "Symfony" and version " >= 4.2.0 < 4.2.7" | - |
Affected
| ||||||
| Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | >= 8.5.0 < 8.5.15 Search vendor "Drupal" for product "Drupal" and version " >= 8.5.0 < 8.5.15" | - |
Affected
| ||||||
| Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | >= 8.6.0 < 8.6.15 Search vendor "Drupal" for product "Drupal" and version " >= 8.6.0 < 8.6.15" | - |
Affected
| ||||||