Vulnerability Description
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sylius | Sylius | < 1.9.10 |
Related Weaknesses (CWE)
References
- https://github.com/Sylius/Sylius/releases/tag/v1.10.11Release NotesThird Party Advisory
- https://github.com/Sylius/Sylius/releases/tag/v1.11.2Release NotesThird Party Advisory
- https://github.com/Sylius/Sylius/releases/tag/v1.9.10Release NotesThird Party Advisory
- https://github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5pMitigationThird Party Advisory
- https://github.com/Sylius/Sylius/releases/tag/v1.10.11Release NotesThird Party Advisory
- https://github.com/Sylius/Sylius/releases/tag/v1.11.2Release NotesThird Party Advisory
- https://github.com/Sylius/Sylius/releases/tag/v1.9.10Release NotesThird Party Advisory
- https://github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5pMitigationThird Party Advisory
FAQ
What is CVE-2022-24742?
CVE-2022-24742 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versio...
How severe is CVE-2022-24742?
CVE-2022-24742 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24742?
Check the references section above for vendor advisories and patch information. Affected products include: Sylius Sylius.