CVE-2022-21652

Insufficient Session Expiration in packagist/shopware/shopware

Identifiers

CVE-2022-21652, GHSA-p523-jrph-qjc6

Package Slug

packagist/shopware/shopware

Vulnerability

Insufficient Session Expiration

Description

Shopware is an open source e-commerce software platform. The session validation was adjusted so that sessions created prior to the latest password change of a customer account can't be used to log in with said account. This also means that, upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue.
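
The check described above, as an added PHP example that is not Shopware's code: a session is accepted only if its creation time is not older than the customer's latest password change. The function name, its parameters and the sample timestamps are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not Shopware's API): decide whether a session may
 * still authenticate a customer after a password change.
 *
 * $sessionCreatedAt   server-side timestamp stored when the session was issued
 * $passwordChangedAt  timestamp of the customer's latest password change,
 *                     or null if the password was never changed
 */
function sessionSurvivesPasswordChange(
    ?DateTimeImmutable $sessionCreatedAt,
    ?DateTimeImmutable $passwordChangedAt
): bool {
    if ($sessionCreatedAt === null) {
        // Fail closed: a session with no recorded creation time cannot be
        // shown to postdate the password change.
        return false;
    }
    if ($passwordChangedAt === null) {
        return true; // no password change on record, nothing to invalidate
    }
    // Strictly older sessions are rejected. A session re-issued at the moment
    // of the change (same timestamp) is the one that performed it and is kept.
    return $sessionCreatedAt >= $passwordChangedAt;
}

// Constructed sample data: one password change and five sessions around it.
$changedAt = new DateTimeImmutable('2022-01-05T12:00:00+00:00');
$sessions = [
    'issued the day before the change' => new DateTimeImmutable('2022-01-04T09:30:00+00:00'),
    'issued one second before'         => $changedAt->modify('-1 second'),
    're-issued at the change itself'   => $changedAt,
    'fresh login after the change'     => new DateTimeImmutable('2022-01-05T12:05:00+00:00'),
    'legacy session, no timestamp'     => null,
];

foreach ($sessions as $label => $createdAt) {
    $verdict = sessionSurvivesPasswordChange($createdAt, $changedAt) ? 'accepted' : 'rejected';
    printf("%-34s %s\n", $label, $verdict);
}
```

Both timestamps must come from server-side storage; a creation time read from a client-controlled cookie would let a stolen session claim to be newer than the password change.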

Affected Versions

All versions starting from 5.7.3 before 5.7.7

Solution

Upgrade to version 5.7.7 or above.

Last Modified

2022-01-13
