Lucene search

[email protected]NVD:CVE-2023-34099

HistoryJun 27, 2023 - 5:15 p.m.

CVE-2023-34099

2023-06-2717:15:09

CWE-754

[email protected]

web.nvd.nist.gov

shopware

e-commerce

email validation

flaw

version 5.7.18

vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

38.5%

JSON

Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.

Affected configurations

NVD

Node

shopwareshopwareRange5.1.4–5.7.17

References

docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023

github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5

github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d

www.shopware.com/en/changelog-sw5/#5-7-18

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

38.5%

JSON

Related for NVD:CVE-2023-34099

github1 cvelist1 osv2 cve1 prion1