CVE-2022-24748

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-24748

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24748.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24748

Aliases

GHSA-83vp-6jqg-6cmr

Published

2022-03-09T22:25:09Z

Modified

2026-03-14T11:37:50.742292Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Incorrect Authentication in shopware

Details

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are advised to upgrade to version 6.4.8.2. There are no known workarounds.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24748.json",
    "cwe_ids": [
        "CWE-287"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/shopware/core

Affected ranges

Type: GIT
Repo: https://github.com/shopware/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f186c17d0312f61ebd44fdcb06ce6f76bddb80a0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24748.json"

Git / github.com/shopware/shopware

Affected ranges

Type

GIT

Repo

https://github.com/shopware/shopware

Events

Introduced

Fixed

10966020176e0d79fd5a390cd5454d9cf214ffc9

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.4.8.2"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24748.json"