CVE-2022-24744

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-24744

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24744.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-24744

Aliases

GHSA-w267-m9c4-8555

Published

2022-03-09T22:25:33Z

Modified

2026-03-13T05:35:40.406558Z

Severity

2.6 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Insufficient Session Expiration in shopware

Details

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

Database specific

{
    "cwe_ids": [
        "CWE-613"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24744.json"
}

References

Affected packages

Git / github.com/shopware/platform

Affected ranges

Type

GIT

Repo

https://github.com/shopware/platform

Events

Introduced

Fixed

6dea754546500a462ff8323612d13ea19bc14040

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.4.8.1"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24744.json"

Git / github.com/shopware/shopware

Affected ranges

Type

GIT

Repo

https://github.com/shopware/shopware

Events

Introduced

Fixed

6dea754546500a462ff8323612d13ea19bc14040

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.4.8.1"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24744.json"