shopware/core is vulnerable to Information Disclosure. The vulnerability exists because the handle function of SendMailAction.php does not properly hide the password reset email of customers and admin users in logs, allowing an attacker to gain sensitive information if they have access to a central logging platform.
Name | Operator | Version |
---|---|---|
shopware/core | le | 6.4.18.0 |
shopware/platform | le | 6.4.18.0 |
developer.shopware.com/docs/guides/hosting/performance/performance-tweaks#logging
docs.shopware.com/en/shopware-6-en/security-updates/security-update-01-2023?category=security-updates
github.com/shopware/core/commit/064de36de4b76dc0da7d21af4a51dd2a45bb63f3
github.com/shopware/platform/commit/407a83063d7141c1a626441799c3ebef79498c07
github.com/shopware/platform/security/advisories/GHSA-7cp7-jfp6-jh4f