GHSA-68wv-g3fw-pq7q: Shopware Broken ACL on Document retrieval to access other customers documents

April 8, 2025

It’s possible to guess the deepLinkCode of an Document to open documents of other customers

References

github.com/advisories/GHSA-68wv-g3fw-pq7q
github.com/shopware/shopware
github.com/shopware/shopware/releases/tag/v6.5.8.17
github.com/shopware/shopware/releases/tag/v6.6.10.3
github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
github.com/shopware/shopware/security/advisories/GHSA-68wv-g3fw-pq7q

Code Behaviors & Features

Detect and mitigate GHSA-68wv-g3fw-pq7q with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →