Add CVE-2022-24745 for GHSA-jp6h-mxhx-pgqh

2025-07-29 05:56:59 +00:00 · 2022-03-09 22:05:03 +00:00 · 2022-03-09 22:05:03 +00:00 · 6bcae9a589
commit 6bcae9a589
parent 6567388c1d
1 changed files with 71 additions and 6 deletions
--- a/2022/24xxx/CVE-2022-24745.json
+++ b/2022/24xxx/CVE-2022-24745.json
@ -1,18 +1,83 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-24745",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Guest session is shared between customers in shopware"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "platform",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 6.4.8.2"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "shopware"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 4.8,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-384: Session Fixation"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/shopware/platform/security/advisories/GHSA-jp6h-mxhx-pgqh",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/shopware/platform/security/advisories/GHSA-jp6h-mxhx-pgqh"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-jp6h-mxhx-pgqh",
+        "discovery": "UNKNOWN"
    }
 }