PT-2022-16944 · Shopware · Shopware

Nils Evers · Published 2022-04-20 · Updated 2022-05-03 · CVE-2022-24872

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.10.1

Description: Permissions granted to the sales channel context through the admin-api remain usable within a normal user session. This affects Shopware, an open commerce platform based on the Symfony Framework and Vue. There are no known workarounds for this issue.

Recommendations: For versions 6.1, 6.2, and 6.3, install the corresponding security plugin to address the issue. For all affected versions, update to version 6.4.10.1 to resolve the issue. The update can be obtained via the Auto-Updater or directly via the download overview.


Weakness Enumeration

Incorrect Permission

Related Identifiers

CVE-2022-24872
GHSA-9WRV-G75H-8CCC

Affected Products

Shopware