Vulnerability Data

CVE-2022-21652

Track security vulnerabilities

Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can't be used to login with said account. This also means, that upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue.

Published at
2022-01-05
11 days ago
Modified
2022-01-05
11 days ago
2022
Year
The year of the turtle

https://github.com/shopware/shopware/security/advisories/GHSA-p523-jrph-qjc6

CONFIRM:https://github.com/shopware/shopware/security/advisories/GHSA-p523-jrph-qjc6

Read More about itMore info

https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022

MISC:https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022

Read More about itMore info

https://github.com/shopware/shopware/commit/47ebd126a94f4b019b6fde64c0df3d18d74ef7d0

MISC:https://github.com/shopware/shopware/commit/47ebd126a94f4b019b6fde64c0df3d18d74ef7d0

Read More about itMore info

Vulnerability RAW

{
	"Title": {
		"_text": "CVE-2022-21652"
	},
	"Notes": {
		"Note": [
			{
				"_text": "Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can't be used to login with said account. This also means, that upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue."
			},
			{
				"_text": "2022-01-05"
			},
			{
				"_text": "2022-01-05"
			}
		]
	},
	"CVE": {
		"_text": "CVE-2022-21652"
	},
	"References": {
		"Reference": [
			{
				"URL": {
					"_text": "https://github.com/shopware/shopware/security/advisories/GHSA-p523-jrph-qjc6"
				},
				"Description": {
					"_text": "CONFIRM:https://github.com/shopware/shopware/security/advisories/GHSA-p523-jrph-qjc6"
				}
			},
			{
				"URL": {
					"_text": "https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022"
				},
				"Description": {
					"_text": "MISC:https://docs.shopware.com/en/shopware-5-en/securityupdates/security-update-01-2022"
				}
			},
			{
				"URL": {
					"_text": "https://github.com/shopware/shopware/commit/47ebd126a94f4b019b6fde64c0df3d18d74ef7d0"
				},
				"Description": {
					"_text": "MISC:https://github.com/shopware/shopware/commit/47ebd126a94f4b019b6fde64c0df3d18d74ef7d0"
				}
			}
		]
	}
}