CVE-2019-18886
REJECTED
An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. User enumeration was possible because unauthorized attempts to use the switch-user functionality were handled differently depending on whether the user existed. This is related to symfony/security.
EPSS 1.55% · 81.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | symfony | 4.3.4+dfsg-1ubuntu1, 0 |
Timeline
- Nov 21, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-18886 third-party-advisory
- https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality third-party-advisory
- https://github.com/symfony/symfony/commit/7bd4a92fc9cc15d9a9fbb9eb1041e01b977f8332 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-18886 third-party-advisory