CVE-2018-19790

medium

Description

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.

References

http://www.securityfocus.com/bid/106249

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7/

https://lists.fedoraproject.org/archives/list/[email protected]/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE/

https://lists.fedoraproject.org/archives/list/[email protected]/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ/

https://seclists.org/bugtraq/2019/May/21

https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http

https://www.debian.org/security/2019/dsa-4441

Details

Source: MITRE

Published: 2018-12-18

Updated: 2019-05-10

Type: CWE-601

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM