SecBoard
Zurück zur CVE-Übersicht

CVE-2026-45074

NONE
Risk Signal Score10/100 — NIEDRIG
  • Weniger als 24 Stunden alt

Beschreibung

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost(), which reflects an attacker-controlled Host header when framework.trusted_hosts is not configured; an attacker controlling another application registered with the same CAS server can replay a victim ticket against the Symfony application and authenticate as the victim. This issue is fixed in versions 7.4.12 and 8.0.12.

GitHub Advisories

GHSA-j8gj-9rm5-4xhxMEDIUM

Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

composer/symfony/security-http7.4.12
GitHub Advisory

Referenzen