CVE Vulnerability

CVE-2022-24879

Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h Third Party Advisory
https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022 Vendor Advisory
https://www.shopware.com/en/changelog-sw5/#5-7-9 Release Notes Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*
Information

Published : 2022-04-28 03:15

Updated : 2022-05-07 02:04

NVD link : CVE-2022-24879

Mitre link : CVE-2022-24879

Products Affected
No products.
CWE
CWE-352