Vulnerability Description
Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shopware | Shopware | >= 5.2.0, < 5.7.9 |
Related Weaknesses (CWE)
References
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2Vendor Advisory
- https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23hThird Party Advisory
- https://www.shopware.com/en/changelog-sw5/#5-7-9Release NotesVendor Advisory
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2Vendor Advisory
- https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23hThird Party Advisory
- https://www.shopware.com/en/changelog-sw5/#5-7-9Release NotesVendor Advisory
FAQ
What is CVE-2022-24879?
CVE-2022-24879 is a vulnerability with a CVSS score of 7.5 (HIGH). Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the C...
How severe is CVE-2022-24879?
CVE-2022-24879 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24879?
Check the references section above for vendor advisories and patch information. Affected products include: Shopware Shopware.