2 matches found
CVE-2022-24743 Insufficient Session Expiration in Sylius
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue ...
CVE-2022-24743
Sylius CVE-2022-24743 affects the reset password flow: prior to 1.10.11 and 1.11.2, the reset token was not nulled after a password change, allowing token reuse and potential token leakage leading to unauthorized password changes. The vulnerability is fixed in 1.10.11 and 1.11.2. The provided wor...