First published: Wed Mar 09 2022
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions, user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Shopware Shopware | <6.4.8.1 | |
Vulnerability CVE-2022-24744 is a security issue in Shopware where user sessions are not logged out if the password is reset via password recovery.
The severity of CVE-2022-24744 is low, with a severity value of 3.5.
Vulnerability CVE-2022-24744 affects Shopware by allowing user sessions to remain active even after the password has been reset via password recovery.
Versions up to and excluding 6.4.8.1 of Shopware are affected by CVE-2022-24744.
To fix vulnerability CVE-2022-24744, update your Shopware installation to version 6.4.8.1 or later.
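The bug class described above, sessions that survive a password recovery, shown next to the hardened behaviour. This is an added illustration, not Shopware's code or its patch: `SessionStore`, its methods and the demo values are hypothetical and model the session table in memory.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory model, not Shopware's API.
final class SessionStore
{
    /** @var array<string, string> session token => user id */
    private array $sessions = [];
    /** @var array<string, string> user id => password hash */
    private array $hashes = [];

    public function setPassword(string $user, string $password): void
    {
        $this->hashes[$user] = password_hash($password, PASSWORD_DEFAULT);
    }

    public function login(string $user, string $password): ?string
    {
        if (!password_verify($password, $this->hashes[$user] ?? '')) {
            return null;
        }
        $token = bin2hex(random_bytes(32));
        $this->sessions[$token] = $user;
        return $token;
    }

    public function isValid(string $token): bool
    {
        return isset($this->sessions[$token]);
    }

    // Hardened recovery: change the hash AND revoke every session of the user.
    public function recoverPassword(string $user, string $new): void
    {
        $this->setPassword($user, $new);
        $this->sessions = array_filter(
            $this->sessions,
            static fn (string $owner): bool => $owner !== $user
        );
    }
}

// Constructed demo data.
$store = new SessionStore();
$store->setPassword('alice', 'old-password');
$stale = $store->login('alice', 'old-password');
$store->setPassword('alice', 'reset-1');       // flawed flow: hash only
printf("hash-only reset, old session valid: %s\n", var_export($store->isValid($stale), true));
$store->recoverPassword('alice', 'reset-2');   // hardened flow
printf("hardened reset, old session valid: %s\n", var_export($store->isValid($stale), true));
```

The same check works as a regression test after upgrading: log in, run the recovery flow, then confirm the pre-reset session is rejected.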