PT-2022-16951 · Shopware · Shopware

Published: 2022-04-28 · Updated: 2022-05-07 · CVE-2022-24879

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 5.7.9

Description: The issue concerns a flaw in cross-site request forgery (CSRF) token validation. Under certain circumstances, CSRF tokens were not regenerated and were not validated correctly. This could allow an attacker to impersonate a victim if the attacker is able to use the same device the victim used beforehand.

Recommendations: For versions prior to 5.7.9, update to version 5.7.9 to resolve the issue. As a temporary workaround for older versions, consider using the Shopware security plugin to mitigate the vulnerability.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2022-24879
GHSA-PF38-V6QJ-J23H

Affected Products

Shopware