CVE-2019-18886

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-18886
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18886.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-18886
Aliases
Related
Published
2019-11-21T18:15:11Z
Modified
2024-06-06T12:40:49.840232Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security.

References

Affected packages

Git / github.com/symfony/security-http

Affected ranges

Type
GIT
Repo
https://github.com/symfony/security-http
Events
Type
GIT
Repo
https://github.com/symfony/symfony
Events

Affected versions

v3.*

v3.4.29
v3.4.30
v3.4.31
v3.4.32
v3.4.33
v3.4.34
v3.4.35

v4.*

v4.2.10
v4.2.11
v4.3.0
v4.3.0-RC1
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7