Количество 2
Количество 2
CVE-2023-22732
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administration session has been added. As a result the user will be logged out when they are inactive. Users are advised to upgrade. There are no known workarounds for this issue.
GHSA-59qg-93jg-236f
Shopware has Insufficient Session Expiration in Administration
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-22732 Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administration session has been added. As a result the user will be logged out when they are inactive. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS3: 3.7 | 0% Низкий | около 3 лет назад |
| GHSA-59qg-93jg-236f Shopware has Insufficient Session Expiration in Administration | CVSS3: 3.7 | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу