admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-247xx/CVE-2022-24747.json
cad-safe-bot 4ce0bf7565 Auto-Update: 2023-06-30T20:00:31.125250+00:00
2023-06-30 20:00:34 +00:00

152 lines
4.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-24747",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-03-09T23:15:08.250",
"lastModified": "2023-06-30T19:04:00.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds."
},
{
"lang": "es",
"value": "Shopware es una plataforma de comercio abierta basada en el framework php Symfony y el framework javascript Vue. Las versiones afectadas de shopware no configuran correctamente los encabezados HTTP confidenciales para que no sean almacenadas en cach\u00e9. Si se presenta una cach\u00e9 HTTP entre el servidor y el cliente, los encabezados pueden quedar expuestos por medio de las cach\u00e9s HTTP. Este problema ha sido resuelto en la versi\u00f3n 6.4.8.2. No se presentan medidas de mitigaci\u00f3n conocidas"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.8.2",
"matchCriteriaId": "99D92123-B959-4BEA-9A76-33FE0FBBD691"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-03-2022",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/shopware/platform/commit/d51863148f32306aafdbc7f9f48887c69fce206f",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/shopware/platform/security/advisories/GHSA-6wrh-279j-6hvw",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink