CVE-2022-24871
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-24871
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24871.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-24871
- Aliases
- Published
- 2022-04-20T19:15:08Z
- Modified
- 2024-10-12T09:21:27.885790Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.
- References
Affected packages
Git / github.com/shopware/shopware
Affected ranges
- Type
- GIT
- Repo
- https://github.com/shopware/shopware
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v6.*
v6.0.0+dp1
v6.0.0+ea1
v6.0.0+ea1.1
v6.0.0+ea2
v6.1.0
v6.1.0-rc1
v6.1.0-rc2
v6.1.0-rc3
v6.1.0-rc4
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.2.0
v6.2.0-RC1
v6.2.1
v6.2.2
v6.2.3
v6.3.0.0
v6.3.0.1
v6.3.0.2
v6.3.3.0
v6.3.3.1
v6.3.4.1
v6.3.5.0
v6.4.1.0
v6.4.1.1
v6.4.1.2
v6.4.10.0
v6.4.3.0
v6.4.3.1
v6.4.4.0
v6.4.4.1
v6.4.5.0
v6.4.5.1
v6.4.6.0
v6.4.6.1
v6.4.8.0
v6.4.8.1
v6.4.8.2
v6.4.9.0