Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-04-28T14:20:12
Updated: 2024-08-03T04:29:00.669Z
Reserved: 2022-02-10T00:00:00
Link: CVE-2022-24892
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-04-28T15:15:10.027
Modified: 2024-11-21T06:51:20.243
Link: CVE-2022-24892
Redhat
No data.