CVE-2022-24895 - OpenCVE

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sensiolabs	Symfony

Configuration 1 [-]

OR	cpe:2.3:a:sensiolabs:symfony::::::::
	cpe:2.3:a:sensiolabs:symfony::::::::
	cpe:2.3:a:sensiolabs:symfony::::::::
	cpe:2.3:a:sensiolabs:symfony::::::::
	cpe:2.3:a:sensiolabs:symfony::::::::

References

Link	Resource
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml	Issue Tracking
https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946	Patch
https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4	Patch
https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-02-03T21:45:26.887Z

Updated: 2023-07-12T00:06:20

Reserved: 2022-02-10T16:41:34.956Z

Link: CVE-2022-24895

JSON object: View

NVD Information

Status : Modified

Published: 2023-02-03T22:15:11.273

Modified: 2023-07-12T01:15:09.027

Link: CVE-2022-24895

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-24895", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2022-02-10T16:41:34.956Z", "datePublished": "2023-02-03T21:45:26.887Z", "dateUpdated": "2023-07-12T00:06:20"}, "containers": {"cna": {"title": "Symfony vulnerable to Session Fixation of CSRF tokens", "problemTypes": [{"descriptions": [{"cweId": "CWE-384", "lang": "en", "description": "CWE-384: Session Fixation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m"}, {"name": "https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946", "tags": ["x_refsource_MISC"], "url": "https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946"}, {"name": "https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4", "tags": ["x_refsource_MISC"], "url": "https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4"}, {"name": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml", "tags": ["x_refsource_MISC"], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"}], "affected": [{"vendor": "symfony", "product": "symfony", "versions": [{"version": ">= 2.0.0, < 4.4.50", "status": "affected"}, {"version": ">= 5.0.0, < 5.4.20", "status": "affected"}, {"version": ">= 6.0.0, < 6.0.20", "status": "affected"}, {"version": ">= 6.1.0, < 6.1.12", "status": "affected"}, {"version": ">= 6.2.0, < 6.2.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-03T21:45:26.887Z"}, "descriptions": [{"lang": "en", "value": "Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch. \n\n"}], "source": {"advisory": "GHSA-3gv2-29qc-v67m", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD26F566-480D-42C8-93BA-011DC77BA73A", "versionEndExcluding": "4.4.50", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*", "matchCriteriaId": "F81B0E24-C7F6-4FC7-9414-A31A55C4A053", "versionEndExcluding": "5.4.20", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7DB6A6C-A7A4-4571-9677-24C9E7AAFD3C", "versionEndExcluding": "6.0.20", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*", "matchCriteriaId": "31265260-5BE3-41B1-A268-ECAE10B18978", "versionEndExcluding": "6.1.12", "versionStartIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EE7A2A1-3893-4574-8A59-24BBDDE8DC41", "versionEndExcluding": "6.2.6", "versionStartIncluding": "6.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch. \n\n"}], "id": "CVE-2022-24895", "lastModified": "2023-07-12T01:15:09.027", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-02-03T22:15:11.273", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m"}, {"source": "security-advisories@github.com", "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-384"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Secondary"}]}