Security Advisory

CVE-2018-11385

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-06-13 16:00:00

Last updated 2024-08-05 08:10:13

Assigner mitre

State PUBLISHED

Description

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.

← Browse all CVEs View on cve.org ↗