vulnerability
Ubuntu: (CVE-2018-11385): symfony vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jun 13, 2018 | Jun 26, 2025 | Jun 26, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Jun 13, 2018
Added
Jun 26, 2025
Modified
Jun 26, 2025
Description
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
Solution
no-fix-ubuntu-package
References
- CVE-2018-11385
- https://attackerkb.com/topics/CVE-2018-11385
- URL-https://lists.fedoraproject.org/archives/list/[email protected]/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
- URL-https://lists.fedoraproject.org/archives/list/[email protected]/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
- URL-https://lists.fedoraproject.org/archives/list/[email protected]/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
- URL-https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
- URL-https://www.cve.org/CVERecord?id=CVE-2018-11385
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.