CVE-2017-14775 — Sensitive Information Exposure in Framework

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.3%

top 47.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Illuminate Auth Laravel Framework Laravel +1 more

Timeline

PublishedSep 28

Latest updateMay 17

Description

Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶Packagistlaravel/framework< 5.5.10

▶NVDlaravel/laravel5.5.9

▶debiandebian/php-laravel-framework

▶Packagistilluminate/auth< 5.5.10

🔴Vulnerability Details

GHSA

Laravel Sensitive Data Exposure↗2022-05-17

▶

OSV

Laravel Sensitive Data Exposure↗2022-05-17

▶

📋Vendor Advisories

Debian

CVE-2017-14775: php-laravel-framework - Laravel before 5.5.10 mishandles the remember_me token verification process beca...↗2017

▶