6.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-27915

GHSA ID

GHSA-jr83-m233-gg6p

EPSS Score

0.31761%

CWE

CWE-863

Published

3/4/2024

Updated

3/6/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-27915

CVE-2024-27915:
Sulu grants access to pages regardless of role permissions

Impact

What kind of vulnerability is it? Who is impacted?

Access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue.

Patches

Has the problem been patched? What versions should users upgrade to?

The problem is patched with Version 2.4.17 and 2.5.13.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

Remove following lines from vendor/symfony/security-http/HttpUtils.php:

-            // Shortcut if request has already been matched before
-            if ($request->attributes->has('_route')) {
-                return $path === $request->attributes->get('_route');
 -           }

Or do not install symfony/security-http versions greater equal than v5.4.30 or v6.3.6.

References

Are there any links users can visit to find out more?

Currently no references.

(GitHub Advisory)

6.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-27915

GHSA ID

GHSA-jr83-m233-gg6p

EPSS Score

0.31761%

CWE

CWE-863

Published

3/4/2024

Updated

3/6/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
sulu/sulu	composer	>= 2.2.0, < 2.4.17	2.4.17
sulu/sulu	composer	>= 2.5.0-alpha1, < 2.5.13	2.5.13

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from security checks being performed in ContentRouteProvider::getRouteCollectionForRequest before the routing context was fully resolved. The commit removed these checks (lines 166-180 in ContentRouteProvider.php) and introduced a new SecurityListener to handle authorization later in the request flow. The original code's premature security check allowed bypassing role permissions when the webspace had security configured, as the routing attributes necessary for proper authorization were not yet available.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t _W**t kin* o* vuln*r**ility is it? W*o is imp**t**?_ ****ss to p***s is *r*nt** r***r*l*ss o* rol* p*rmissions *or w**sp***s w*i** **v* * s**urity syst*m *on*i*ur** *n* p*rmission ****k *n**l**. W**sp***s wit*out *o not **v* t*is issu*.

Reasoning

T** vuln*r**ility st*mm** *rom s**urity ****ks **in* p*r*orm** in *ont*ntRout*Provi**r::**tRout**oll**tion*orR*qu*st ***or* t** routin* *ont*xt w*s *ully r*solv**. T** *ommit r*mov** t**s* ****ks (lin*s ***-*** in *ont*ntRout*Provi**r.p*p) *n* intro*

6.8

Basic Information

Concerned about an active attack path?

CVE-2024-27915: Sulu grants access to pages regardless of role permissions

Impact

Patches

Workarounds

References

6.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-27915:
Sulu grants access to pages regardless of role permissions

Vulnerability Intelligence
Miggo AI