CVE-2024-50341

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom user_checker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3 the Security::login method now ensure to call the configured user_checker. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-287"
    ]
}

References

Affected packages

Git / github.com/symfony/symfony

Affected ranges

Type: GIT
Repo: https://github.com/symfony/symfony
Events: Introduced

ed9b9e7795c3e30c6d70c6ecf013a28910f6e15e

Fixed

938c0728518f9df199477d90ee43838359f81a7a

Type: GIT
Repo: https://github.com/symfony/symfony
Events: Introduced

d78c5f403d7ee794993660b1d5155536edd36fc1

Fixed

96e43bf86ac6126cc61a634b34987821b69f7af9

Type: GIT
Repo: https://github.com/symfony/symfony
Events: Introduced

08964d6da4787cd5f19e60f8aaf41ffd26d6c8c3

Fixed

60ccc390f438c3a11b601d385b77c6f2431ffc5d

Affected versions

v4.*

v4.4.50

v4.4.51

v5.*

v5.4.17

v5.4.18

v5.4.19

v5.4.20

v5.4.21

v5.4.22

v5.4.23

v5.4.24

v5.4.25

v5.4.26

v5.4.27

v5.4.28

v5.4.29

v5.4.30

v5.4.31

v5.4.32

v5.4.33

v5.4.34

v5.4.35

v5.4.36

v5.4.37

v5.4.38

v5.4.39

v5.4.40

v5.4.41

v6.*

v6.0.17

v6.0.18

v6.0.19

v6.1.10

v6.1.11

v6.1.9

v6.2.0

v6.2.1

v6.2.10

v6.2.11

v6.2.12

v6.2.13

v6.2.14

v6.2.2

v6.2.3

v6.2.4

v6.2.5

v6.2.6

v6.2.7

v6.2.8

v6.2.9

v6.3.0

v6.3.0-BETA1

v6.3.0-BETA2

v6.3.0-BETA3

v6.3.0-RC1

v6.3.0-RC2

v6.3.1

v6.3.10

v6.3.11

v6.3.12

v6.3.2

v6.3.3

v6.3.4

v6.3.5

v6.3.6

v6.3.7

v6.3.8

v6.3.9

v6.4.0

v6.4.0-BETA1

v6.4.0-BETA2

v6.4.0-BETA3

v6.4.0-RC1

v6.4.0-RC2

v6.4.1

v6.4.2

v6.4.3

v6.4.4

v6.4.5

v6.4.6

v6.4.7

v6.4.8

v6.4.9

v7.*

v7.0.0

v7.0.1

v7.0.2

v7.0.3

v7.0.4

v7.0.5

v7.0.6

v7.0.7

v7.0.8

v7.0.9

v7.1.0

v7.1.1

v7.1.2