Lucene search
GoogleOSV:GHSA-PF38-V6QJ-J23HHistoryApr 28, 2022 - 9:01 p.m.
Malfunction of CSRF token validation in Shopware
2022-04-2821:01:53
Google
osv.dev
12
0.001 Low
EPSS
Percentile
26.1%
Impact
The CSRF tokens were not renewed after login and logout.
An attacker could impersonate the victim if the attacker is able to use the same device as the victim used beforehand.
Patches
We recommend updating to the current version 5.7.9. You can get the update to 5.7.9 regularly via the Auto-Updater or directly via the download overview.
https://www.shopware.com/en/changelog-sw5/#5-7-9
For older versions you can use the Security Plugin:
https://store.shopware.com/en/swag575294366635f/shopware-security-plugin.html
References
https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-04-2022
Related
prion
prion
Cross site request forgery (csrf)
2022-04-28 15:15:00
github
github
Malfunction of CSRF token validation in Shopware
2022-04-28 21:01:53
nvd
nvd
CVE-2022-24879
2022-04-28 15:15:09
veracode
veracode
Cross Site Request Forgery (CSRF)
2022-04-29 07:14:13
cnvd
cnvd
Shopware Cross-Site Request Forgery Vulnerability
2022-05-05 00:00:00
cve
cve
CVE-2022-24879
2022-04-28 15:15:09
cvelist
cvelist
CVE-2022-24879 Malfunction of Cross-Site Request Forgery token validation
2022-04-28 14:15:14