Test ID:	1.3.6.1.4.1.25623.1.1.12.2025.7272.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-7272-1)
Summary:	The remote host is missing an update for the 'symfony' package(s) announced via the USN-7272-1 advisory.
Description:	Summary: The remote host is missing an update for the 'symfony' package(s) announced via the USN-7272-1 advisory. Vulnerability Insight: Soner Sayakci discovered that Symfony incorrectly handled cookie storage in the web cache. An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. (CVE-2022-24894) Marco Squarcina discovered that Symfony incorrectly handled the storage of user session information. An attacker could possibly use this issue to perform a cross-site request forgery (CSRF) attack. (CVE-2022-24895) Pierre Rudloff discovered that Symfony incorrectly checked HTML input. An attacker could possibly use this issue to perform cross site scripting. (CVE-2023-46734) Vladimir Dusheyko discovered that Symfony incorrectly sanitized special input with a PHP directive in URL query strings. An attacker could possibly use this issue to expose sensitive information or cause a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-50340) Oleg Andreyev, Antoine Makdessi, and Moritz Rauch discovered that Symfony incorrectly handled user authentication. An attacker could possibly use this issue to access unauthorized resources and expose sensitive information. This issue was only addressed in Ubuntu 24.04 LTS. (CVE-2024-50341, CVE-2024-51996) Linus Karlsson and Chris Smith discovered that Symfony returned internal host information during host resolution. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 24.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-50342) It was discovered that Symfony incorrectly parsed user input through regular expressions. An attacker could possibly use this issue to expose sensitive information. (CVE-2024-50343) Sam Mush discovered that Symfony incorrectly parsed URIs with special characters. An attacker could possibly use this issue to perform phishing attacks. (CVE-2024-50345) Affected Software/OS: 'symfony' package(s) on Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-24894 https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html Common Vulnerability Exposure (CVE) ID: CVE-2022-24895 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946 https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4 https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m Common Vulnerability Exposure (CVE) ID: CVE-2023-46734 https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54 https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3 https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html Common Vulnerability Exposure (CVE) ID: CVE-2024-50340 Common Vulnerability Exposure (CVE) ID: CVE-2024-50341 Common Vulnerability Exposure (CVE) ID: CVE-2024-50342 Common Vulnerability Exposure (CVE) ID: CVE-2024-50343 Common Vulnerability Exposure (CVE) ID: CVE-2024-50345 Common Vulnerability Exposure (CVE) ID: CVE-2024-51996
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.