CVE-2022-24744
First published: Wed Mar 09 2022(Updated: )
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shopware Shopware | <6.4.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is vulnerability CVE-2022-24744?
Vulnerability CVE-2022-24744 is a security issue in Shopware where user sessions are not logged out if the password is reset via password recovery.
What is the severity of CVE-2022-24744?
The severity of CVE-2022-24744 is low, with a severity value of 3.5.
How does vulnerability CVE-2022-24744 affect Shopware?
Vulnerability CVE-2022-24744 affects Shopware by allowing user sessions to remain active even after the password has been reset via password recovery.
Which versions of Shopware are affected by CVE-2022-24744?
Versions up to and excluding 6.4.8.1 of Shopware are affected by CVE-2022-24744.
How can I fix vulnerability CVE-2022-24744?
To fix vulnerability CVE-2022-24744, update your Shopware installation to version 6.4.8.1 or later.
- collector/nvd-index
- vendor/shopware
- canonical/shopware shopware