Incorrect Authentication in shopware

2022-03-1018:02:14

Google

osv.dev

0.001 Low

EPSS

Percentile

26.7%

JSON

Impact

Modify Customers, create Orders without App Permission

Patches

We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview.

https://www.shopware.com/en/download/#shopware-6

Workarounds

For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

CPENameOperatorVersion
shopware/coreeq6.3.5.1
shopware/coreeq6.4.8.0
shopware/coreeq6.3.2.1
shopware/coreeq6.3.4.1
shopware/coreeq6.4.0.0-RC1
shopware/coreeq6.2.2
shopware/coreeq6.4.5.1
shopware/coreeq6.3.4.0
shopware/coreeq6.4.1.2
shopware/coreeq6.1.0-rc1

Name	Operator	Version
shopware/core	eq	6.3.5.1
shopware/core	eq	6.4.8.0
shopware/core	eq	6.3.2.1
shopware/core	eq	6.3.4.1
shopware/core	eq	6.4.0.0-RC1
shopware/core	eq	6.2.2
shopware/core	eq	6.4.5.1
shopware/core	eq	6.3.4.0
shopware/core	eq	6.4.1.2
shopware/core	eq	6.1.0-rc1