CVE-2022-36101: Infoleak
First published: Mon Sep 12 2022(Updated: )
Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shopware Shopware | >=5.0.0<5.7.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-36101?
CVE-2022-36101 is a vulnerability in Shopware, an open source e-commerce software, that exposes sensitive data in the backend administration.
What is the severity of CVE-2022-36101?
CVE-2022-36101 has a severity level of 5.3 (medium).
How does CVE-2022-36101 affect Shopware versions?
CVE-2022-36101 affects Shopware versions between 5.0.0 and 5.7.15.
How can I fix CVE-2022-36101?
To fix CVE-2022-36101, users are advised to update their Shopware installation to version 5.7.15.
Where can I find more information about CVE-2022-36101?
You can find more information about CVE-2022-36101 in the Shopware security updates documentation and the GitHub advisory.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/shopware
- canonical/shopware shopware
- version/shopware shopware/5.0.0