Lucene search

GitHub_MCVELIST:CVE-2023-34099

HistoryJun 27, 2023 - 4:29 p.m.

CVE-2023-34099 Improper mail validation in Shopware

2023-06-2716:29:07

CWE-754

GitHub_M

www.cve.org

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

31.7%

JSON

Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.

CNA Affected

[
  {
    "vendor": "shopware",
    "product": "shopware",
    "versions": [
      {
        "version": "< 5.7.18",
        "status": "affected"
      }
    ]
  }
]

References

docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023

github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5

github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d

www.shopware.com/en/changelog-sw5/#5-7-18

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

31.7%

JSON

Related for CVELIST:CVE-2023-34099