CVE-2022-24872

Опубликовано: 20 апр. 2022

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.

Ссылки

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022
Patch
Vendor Advisory
https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c
Patch
Third Party Advisory
https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc
Third Party Advisory
https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022
Patch
Vendor Advisory
https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c
Patch
Third Party Advisory
https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*

Версия до 6.4.10.1 (исключая)

EPSS

Процентиль: 41%

0.00189

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-9wrv-g75h-8ccc