Vulnerability CVE-2022-24742

Vulnerability CVE-2022-24742

Published: 2022-03-14

Description:

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Sylius -> Sylius

References:

https://github.com/Sylius/Sylius/releases/tag/v1.11.2

https://github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5p

https://github.com/Sylius/Sylius/releases/tag/v1.9.10

https://github.com/Sylius/Sylius/releases/tag/v1.10.11

Copyright 2024, cxsecurity.com