Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories: GSA_kwCzR0hTQS01OXFnLTkzamctMjM2Zs4AAxG7

Shopware has Insufficient Session Expiration in Administration

Impact

The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time.

Patches

We added an automatic logout into the Administration, so the user will be logged out when they are inactive.

References

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates

Permalink: https://github.com/advisories/GHSA-59qg-93jg-236f

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 15 days ago
Updated: 15 days ago

CVSS Score: 3.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-59qg-93jg-236f, CVE-2023-22732
References:

Affected Packages

packagist:shopware/core
Versions: <= 6.4.18.0
Fixed in: 6.4.18.1
packagist:shopware/platform
Versions: <= 6.4.18.0
Fixed in: 6.4.18.1