admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2020-5275 for GHSA-g4m9-5hpf-hx72

Browse Source
This commit is contained in:
Robert Schultheis 2020-03-30 13:43:01 -06:00
parent 74361c7049
commit 3bf422563d
No known key found for this signature in database
GPG Key ID: 348C4211B4D8BB40
1 changed files with 79 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
2020/5xxx/CVE-2020-5275.json
View File

@ -1,18 +1,91 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5275",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Firewall configured with unanimous strategy was not actually unanimous in symfony/security-http"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "symfony",
"version": {
"version_data": [
{
"version_value": ">= 4.4.0, < 4.4.7"
},
{
"version_value": ">= 5.0.0, < 5.0.7"
}
]
}
}
]
},
"vendor_name": "symfony"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, \nit iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute,\npreventing the check of next attributes that should have been take into account in an unanimous strategy.\n\nThe accessDecisionManager is now called with all attributes at once, allowing the unanimous strategy being applied on each attribute.\n\nThis issue is patched in versions 4.4.7 and 5.0.7."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72",
"refsource": "CONFIRM",
"url": "https://github.com/symfony/symfony/security/advisories/GHSA-g4m9-5hpf-hx72"
},
{
"name": "https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf",
"refsource": "CONFIRM",
"url": "https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf"
}
]
},
"source": {
"advisory": "GHSA-g4m9-5hpf-hx72",
"discovery": "UNKNOWN"
}
}