Lucene search
Veracode Vulnerability DatabaseVERACODE:31012HistoryJun 21, 2021 - 2:11 a.m.
Privilege Escalation
2021-06-2102:11:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.002 Low
EPSS
Percentile
56.9%
symfony is vulnerable to privilege escalation. The vulnerability exists due to an insecure authenticated token by one of the firewall being available to all other firewall.
| CPE | Name | Operator | Version |
|---|---|---|---|
| symfony/security-http | le | v5.3.1 | |
| symfony/symfony | le | v5.3.1 |
References
github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129
github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728
github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
Related
osv
osv
Authentication granted to all firewalls instead of just one
2021-06-21 17:03:44
CVE-2021-32693
2021-06-17 23:15:07
BIT-symfony-2021-32693
2024-03-06 11:08:04
ubuntucve
ubuntucve
CVE-2021-32693
2021-06-17 00:00:00
cve
cve
CVE-2021-32693
2021-06-17 23:15:07
nvd
nvd
CVE-2021-32693
2021-06-17 23:15:07
prion
prion
Design/Logic Flaw
2021-06-17 23:15:00
friendsofphp
friendsofphp
CVE-2021-32693: Authentication granted to all firewalls instead of just one
2021-06-17 15:00:00
CVE-2021-32693: Authentication granted to all firewalls instead of just one
2021-06-17 15:00:00
debiancve
debiancve
CVE-2021-32693
2021-06-17 23:15:07
openvas
openvas
symfony
symfony
CVE-2021-32693: Authentication granted to all firewalls instead of just one
2021-06-17 00:00:00
github
github
Authentication granted to all firewalls instead of just one
2021-06-21 17:03:44
cvelist
cvelist
CVE-2021-32693 Authentication granted with multiple firewalls
2021-06-17 22:40:11