CVE-2022-24742 Information
Jun 07, 2022
cve
Description
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11 and 1.11.2, any other user of the same browser can still view the data if a browser tab remains open after logout. The issue is fixed in versions 1.9.10, 1.10.11 and 1.11.2. A workaround is available: the application must strictly redirect to the login page even when the browser back button is pressed. Another possibility is to set stricter cache policies for restricted content.
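The second workaround in the description, a stricter cache policy for restricted content, comes down to response headers: a page served with Cache-Control: no-store is not kept in the browser's history cache, so the back button after logout produces a fresh request that the server can redirect to the login page. The following is an added example, not Sylius code: a small WSGI middleware that forces that policy on responses for restricted paths, and an audit function that reports why a given response could still be shown from cache. The path prefixes, the demo application and the sample response headers are constructed for illustration and are not Sylius routes.

```python
"""Added example (not part of Sylius): strict cache policy for restricted
responses, plus an audit helper for reviewing existing responses."""

from typing import Callable, Dict, Iterable, List, Optional, Tuple

Headers = List[Tuple[str, str]]

# Hypothetical path prefixes for content that requires a logged-in user.
RESTRICTED_PREFIXES = ("/account", "/admin", "/checkout")

# Headers that stop the page being stored by the browser (and shared caches).
STRICT_CACHE_HEADERS: Headers = [
    ("Cache-Control", "no-store, no-cache, must-revalidate, private"),
    ("Pragma", "no-cache"),  # for legacy HTTP/1.0 caches
    ("Expires", "0"),
]


def is_restricted(path: str) -> bool:
    """True if the request path belongs to restricted (authenticated) content."""
    return path.startswith(RESTRICTED_PREFIXES)


def _header(headers: Headers, name: str) -> Optional[str]:
    """Case-insensitive lookup of a single header value."""
    for key, value in headers:
        if key.lower() == name.lower():
            return value
    return None


def apply_strict_cache_policy(headers: Headers, path: str) -> Headers:
    """Return the header list with any caching headers on a restricted path
    replaced by the strict no-store policy; other paths are left unchanged."""
    if not is_restricted(path):
        return list(headers)
    replaced = {"cache-control", "pragma", "expires"}
    kept = [(k, v) for k, v in headers if k.lower() not in replaced]
    return kept + STRICT_CACHE_HEADERS


def no_store_middleware(app: Callable) -> Callable:
    """Wrap a WSGI app so restricted responses always carry the strict policy."""
    def wrapped(environ: Dict, start_response: Callable) -> Iterable[bytes]:
        path = environ.get("PATH_INFO", "/")

        def patched_start_response(status, headers, exc_info=None):
            return start_response(
                status, apply_strict_cache_policy(headers, path), exc_info
            )

        return app(environ, patched_start_response)
    return wrapped


def cache_policy_findings(path: str, headers: Headers) -> List[str]:
    """Audit a response for a restricted path: list the reasons the browser
    could still show it (e.g. via the back button) after logout."""
    findings: List[str] = []
    if not is_restricted(path):
        return findings
    cache_control = _header(headers, "Cache-Control") or ""
    directives = {d.strip().lower() for d in cache_control.split(",") if d.strip()}
    if "no-store" not in directives:
        findings.append("Cache-Control lacks no-store: page may be replayed from the history cache")
    if "private" not in directives and "no-store" not in directives:
        findings.append("Cache-Control lacks private: shared caches may retain the page")
    if _header(headers, "Pragma") is None:
        findings.append("Pragma: no-cache missing for HTTP/1.0 caches")
    return findings


def _demo_app(environ: Dict, start_response: Callable) -> Iterable[bytes]:
    # Constructed application that (wrongly) marks an account page as cacheable.
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Cache-Control", "public, max-age=600")])
    return [b"<html>order history</html>"]


def run_demo(path: str) -> Headers:
    """Run the demo app through the middleware and return the response headers."""
    captured: Dict[str, Headers] = {}

    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers

    body = b"".join(no_store_middleware(_demo_app)({"PATH_INFO": path}, start_response))
    assert body  # the body is untouched; only headers change
    return captured["headers"]


if __name__ == "__main__":
    weak = [("Content-Type", "text/html"), ("Cache-Control", "public, max-age=600")]
    print("before:", cache_policy_findings("/account/orders", weak))
    print("after: ", cache_policy_findings("/account/orders", run_demo("/account/orders")))
```

The audit function is the part worth reusing during a review: run it over captured responses for every authenticated route and any non-empty result is a page that a later user of the same browser could bring back with the back button.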
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Reference
https://github.com/Sylius/Sylius/releases/tag/v1.11.2
https://github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5p
https://github.com/Sylius/Sylius/releases/tag/v1.9.10
https://github.com/Sylius/Sylius/releases/tag/v1.10.11
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.5
Base Severity
MEDIUM