Home > Vulnerability Database > CVE-2022-24879

Mend.io Vulnerability Database

CVE-2022-24879

Date: April 28, 2022

Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.

Language: PHP

Severity Score

7.5

Related Resources (6)

Url: https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-24879

Url: https://www.shopware.com/en/changelog-sw5/#5-7-9

Url: https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022

Url: https://github.com/shopware/shopware

Url: https://www.mend.io/vulnerability-database/CVE-2022-24879

Severity Score

7.5

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-24879

Date: April 28, 2022

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?