Home > Vulnerability Database > CVE-2022-24879

Mend.io Vulnerability Database

CVE-2022-24879

Good to know:

Date: April 28, 2022

Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.

Language: PHP

Severity Score

3.5

Related Resources (5)

Url: https://github.com/shopware/shopware/security/advisories/GHSA-pf38-v6qj-j23h

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-24879

Url: https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022

Url: https://www.shopware.com/en/changelog-sw5/#5-7-9

Url: https://www.mend.io/vulnerability-database/CVE-2022-24879

Severity Score

3.5

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version v5.7.9

Learn More

CVSS v3

Base Score:	3.5
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE

CVSS v2

Base Score:	5.4
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-24879

Good to know:

Date: April 28, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?