First published: Mon Sep 12 2022(Updated: )
Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.
Credit: security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Shopware Shopware | >=5.0.0<5.7.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-36101 is a vulnerability in Shopware, an open source e-commerce software, that exposes sensitive data in the backend administration.
CVE-2022-36101 has a severity level of 5.3 (medium).
CVE-2022-36101 affects Shopware versions between 5.0.0 and 5.7.15.
To fix CVE-2022-36101, users are advised to update their Shopware installation to version 5.7.15.
You can find more information about CVE-2022-36101 in the Shopware security updates documentation and the GitHub advisory.