5 matches found
Improper access control
In symfony/security-http before versions 4.4.7 and 5.0.7, when a Firewall checks an access control rule, it iterates over each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take...
GHSA-G4M9-5HPF-HX72 Firewall configured with unanimous strategy was not actually unanimous in Symfony
Description: On Symfony before 4.4.0, when a Firewall checks an access control rule using the unanimous strategy, it iterates over all rule attributes and grants access only if all calls to the accessDecisionManager decide to grant access. As of Symfony 4.4.0, a bug was introduced that...
Firewall configured with unanimous strategy was not actually unanimous in Symfony
Description: On Symfony before 4.4.0, when a Firewall checks an access control rule using the unanimous strategy, it iterates over all rule attributes and grants access only if all calls to the accessDecisionManager decide to grant access. As of Symfony 4.4.0, a bug was introduced that...
CVE-2020-5275
In symfony/security-http before versions 4.4.7 and 5.0.7, when a Firewall checks an access control rule, it iterates over each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take...
CVE-2020-5275: All "access_control" rules are required when a firewall uses the unanimous strategy
Affected versions: Symfony 4.4.0 to 4.4.6 and 5.0.0 to 5.0.6 versions of the Symfony ErrorHandler component are affected by this security issue. The issue has been fixed in Symfony 4.4.7 and 5.0.7. Description: On Symfony before 4.4.0, when a Firewall checks an access control rule using the unanimo...