CVE-2017-11365

CRITICAL severity · CVSS 9.8 · Improper access control

9.8CVSS CRITICAL

Summary

Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)0%

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products we track (1)

Symfony

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f ↗

Additional information

NVD record
https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3fPatch
https://github.com/symfony/symfony/pull/23507Patch
https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3fPatch
https://github.com/symfony/symfony/pull/23507Patch