Lucene search
GoogleOSV:GHSA-P523-JRPH-QJC6HistoryJan 06, 2022 - 11:49 p.m.
Insufficient Session Expiration in shopware
2022-01-0623:49:17
Google
osv.dev
6
0.001 Low
EPSS
Percentile
42.3%
Impact
Automatically invalidate sessions upon password change
Patches
We recommend updating to the current version 5.7.7. You can get the update to 5.7.7 regularly via the Auto-Updater or directly via the download overview.
For older versions you can use the Security Plugin:
https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html
References
https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022
| CPE | Name | Operator | Version |
|---|---|---|---|
| shopware/shopware | eq | 5.7.3 | |
| shopware/shopware | eq | 5.7.4 | |
| shopware/shopware | eq | 5.7.6 | |
| shopware/shopware | eq | 5.7.5 |
Related
cve
cve
CVE-2022-21652
2022-01-05 20:15:08
cnvd
cnvd
Shopware Trust Management Issue Vulnerability
2022-01-06 00:00:00
prion
prion
Design/Logic Flaw
2022-01-05 20:15:00
cvelist
cvelist
CVE-2022-21652 Insufficient Session Expiration in shopware
2022-01-05 19:20:18
github
github
Insufficient Session Expiration in shopware
2022-01-06 23:49:17
veracode
veracode
Insecure Session Management
2022-01-06 04:17:28
nvd
nvd
CVE-2022-21652
2022-01-05 20:15:08