PT-2023-18674 · Shopware · Shopware

Shyim · Published 2023-01-17 · Updated 2023-01-25 · CVE-2023-22732

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Shopware versions prior to 6.4.18.1

Description

The Administration session expiration was set to one week, so an attacker who had stolen the session cookie could keep using it for a long period. Version 6.4.18.1 adds an automatic logout to the Administration session that logs out inactive users.

Recommendations

For versions prior to 6.4.18.1, upgrade to version 6.4.18.1 or later, which adds the automatic logout for inactive Administration sessions.

Exploit

Fix

Insufficient Session Expiration

Weakness Enumeration

Related identifiers

CVE-2023-22732
GHSA-59QG-93JG-236F

Affected products

Shopware