Shopware database password is leaked to an unauthenticated users

2022-05-2417:24:28

Google

osv.dev

7.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled.

CPENameOperatorVersion
shopware/shopwareeq5.2.26
shopware/shopwareeq5.2.4
shopware/shopwareeq5.1.2
shopware/coreeq6.1.1
shopware/shopwareeq5.2.14
shopware/shopwareeq5.7.13
shopware/shopwareeq5.0.3-RC1
shopware/platformeq6.1.0-rc3
shopware/shopwareeq5.4.0-RC1
shopware/shopwareeq5.7.0-RC2

Name	Operator	Version
shopware/shopware	eq	5.2.26
shopware/shopware	eq	5.2.4
shopware/shopware	eq	5.1.2
shopware/core	eq	6.1.1
shopware/shopware	eq	5.2.14
shopware/shopware	eq	5.7.13
shopware/shopware	eq	5.0.3-RC1
shopware/platform	eq	6.1.0-rc3
shopware/shopware	eq	5.4.0-RC1
shopware/shopware	eq	5.7.0-RC2