Vulnerability Description
Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shopware | Shopware | >= 5.0.0, < 5.7.15 |
Related Weaknesses (CWE)
References
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2Vendor Advisory
- https://github.com/shopware/shopware/commit/af5cdbc81d60f21b728e1433aeb8837f2593PatchThird Party Advisory
- https://github.com/shopware/shopware/security/advisories/GHSA-6vfq-jmxg-g58rThird Party Advisory
- https://packagist.org/packages/shopware/shopwareProductThird Party Advisory
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2Vendor Advisory
- https://github.com/shopware/shopware/commit/af5cdbc81d60f21b728e1433aeb8837f2593PatchThird Party Advisory
- https://github.com/shopware/shopware/security/advisories/GHSA-6vfq-jmxg-g58rThird Party Advisory
- https://packagist.org/packages/shopware/shopwareProductThird Party Advisory
FAQ
What is CVE-2022-36101?
CVE-2022-36101 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the se...
How severe is CVE-2022-36101?
CVE-2022-36101 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-36101?
Check the references section above for vendor advisories and patch information. Affected products include: Shopware Shopware.