{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "2.0.0-alpha" }, { "introduced": "0" }, { "last_affected": "2.0.0-beta" }, { "introduced": "0" }, { "last_affected": "2.0.0-rc" }, { "introduced": "0" }, { "last_affected": "2.0.1" }, { "introduced": "0" }, { "last_affected": "2.0.2" }, { "introduced": "0" }, { "last_affected": "2.0.3" }, { "introduced": "0" }, { "last_affected": "2.0.4" }, { "introduced": "0" }, { "last_affected": "2.0.5" }, { "introduced": "0" }, { "last_affected": "2.0.6" }, { "introduced": "0" }, { "last_affected": "2.0.7" }, { "introduced": "0" }, { "last_affected": "2.0.8" }, { "introduced": "0" }, { "last_affected": "2.0.9" }, { "introduced": "0" }, { "last_affected": "2.0.10" }, { "introduced": "0" }, { "last_affected": "2.0.11" }, { "introduced": "0" }, { "last_affected": "2.0.11.1" }, { "introduced": "0" }, { "last_affected": "2.0.11.2" }, { "introduced": "0" }, { "last_affected": "2.0.12" }, { "introduced": "0" }, { "last_affected": "2.0.13" }, { "introduced": "0" }, { "last_affected": "2.0.13.1" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "ae8d9782707b89315194ec70a139fece122b8977" }, { "introduced": "0" }, { "last_affected": "b0018e36439fa8b59b204e5e23820672777c1add" }, { "introduced": "0" }, { "last_affected": "8bbcff70db9a7513e0a5f3916a9c7bbdc4d1c099" }, { "introduced": "0" }, { "last_affected": "d2b864da84a68d56a96709479af78d203f050451" }, { "introduced": "0" }, { "last_affected": "84b42abad0b447bd25415ac707cef9d56012c9e2" }, { "introduced": "0" }, { "last_affected": "d7462656f75f2eecd2c67790e18d5ac9999a6062" }, { "introduced": "0" }, { "last_affected": "985119350b2badf7f0bfe49ea610540212f4c7d3" }, { "introduced": "0" }, { "last_affected": "cf0541fd591b5ae155899724f3bbd9fd4e35dae4" }, { "introduced": "0" }, { "last_affected": "bf7edc52504c69c9dd7b079d060edf6d25183c7a" }, { "introduced": "0" }, { "last_affected": "89eb3dff144cffeb1b72107a235afc345ac2320e" }, { "introduced": "0" }, { "last_affected": "9b5f6cb188b5b7a5309f36de17a6cf263def3582" }, { "introduced": "0" }, { "last_affected": "731769241bb727a259552ec0e66aaf30d44e9b66" }, { "introduced": "0" }, { "last_affected": "ee92cfa7ba618bf4acc19ab540eaa674b828a092" }, { "introduced": "0" }, { "last_affected": "11fe407ad0af51765fbd35e008d0986f7f3bb840" }, { "introduced": "0" }, { "last_affected": "c19b2f7dc8f487f0a867f2cacab68b8e86b7a8f9" }, { "introduced": "0" }, { "last_affected": "2cce93adaef0aaef304130d4a1a49064643767f1" }, { "introduced": "0" }, { "last_affected": "278548029a071648c440670ebb16dca1b32421e3" }, { "introduced": "0" }, { "last_affected": "be658f82bf515f1c1040cb6f987280f436258dc0" }, { "introduced": "0" }, { "last_affected": "2d672b67223b8d930f0f444b113d0a13fbd551c0" }, { "introduced": "0" }, { "last_affected": "1d7f6cd20e24dfa486e72cc9fc87cfbe7008e084" }, { "fixed": "6c0540aa2d6e0fe0fa89e4fd35bba4be5d6cece7" } ], "repo": "https://github.com/yiisoft/yii2", "type": "GIT" } ] } ], "details": "In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.", "id": "CVE-2018-6009", "modified": "2026-03-13T21:51:31.737091371Z", "published": "2018-01-22T22:29:00.207Z", "references": [ { "type": "FIX", "url": "https://github.com/yiisoft/yii2/commit/6c0540aa2d6e0fe0fa89e4fd35bba4be5d6cece7" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }