CVE-2022-24744

Name of the Vulnerable Software and Affected Versions Shopware versions prior to 6.4.8.1

Description The issue concerns user sessions not being logged out when a password is reset via password recovery. This problem has been identified in Shopware, an open commerce platform based on the Symfony php Framework and the Vue javascript framework. For older versions of 6.1, 6.2, and 6.3, security measures are available via a plugin.

Recommendations For versions 6.1, 6.2, and 6.3, install the corresponding security plugin to mitigate the issue. Update to version 6.4.8.1 or later to resolve the issue. As a temporary workaround, consider manually logging out user sessions after a password reset until a patch is applied.