CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.001 Low
Percentile: 41.3%
The log module contains all kinds of sent mails. It is possible to view the password reset emails of customers and admin users there, and so probably to gain more access.
Update to the latest 6.4.18.1 version.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | shopware/core | le | 6.4.18.0 |
| | shopware/platform | le | 6.4.18.0 |
developer.shopware.com/docs/guides/hosting/performance/performance-tweaks#logging
docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
github.com/advisories/GHSA-7cp7-jfp6-jh4f
github.com/shopware/platform/commit/407a83063d7141c1a626441799c3ebef79498c07
github.com/shopware/platform/security/advisories/GHSA-7cp7-jfp6-jh4f
nvd.nist.gov/vuln/detail/CVE-2023-22733