CVE-2022-24743

Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\Bundle\ApiBundle\CommandHandler\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.

CVSS v3 8.2 HIGH
CVSS v2.0 6.4 MEDIUM

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/Sylius/Sylius/releases/tag/v1.10.11	Third Party Advisory
https://github.com/Sylius/Sylius/releases/tag/v1.11.2	Third Party Advisory
https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sylius:sylius::::::::
	cpe:2.3:a:sylius:sylius::::::::

History

No history.

Information

Published : 2022-03-14 21:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-24743

Mitre link : CVE-2022-24743

CVE.ORG link : CVE-2022-24743

JSON object : View

Products Affected

sylius

sylius

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2022-24743", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2022-03-14T21:15:07.947", "references": [{"url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-613"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory."}, {"lang": "es", "value": "Sylius es una plataforma de comercio electr\u00f3nico de c\u00f3digo abierto. En versiones anteriores a 1.10.11 y 1.11.2, el token de restablecimiento de contrase\u00f1a no se establec\u00eda como nulo despu\u00e9s de cambiar la contrase\u00f1a. El mismo token pod\u00eda ser usado varias veces, lo que pod\u00eda resultar en un filtrado del token existente y a un cambio de contrase\u00f1a no autorizado. El problema ha sido corregido en versiones 1.10.11 y 1.11.2. Como medida de mitigaci\u00f3n, sobrescriba la clase \"Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler\" con el c\u00f3digo proporcionado por los mantenedores y reg\u00edstrela en un contenedor. M\u00e1s informaci\u00f3n sobre esta medida de mitigaci\u00f3n est\u00e1 disponible en el aviso de seguridad de GitHub"}], "lastModified": "2022-03-22T15:06:24.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "687E9BB6-A926-4A62-B44E-7A1B236D6C6F", "versionEndExcluding": "1.10.11", "versionStartIncluding": "1.10.0"}, {"criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4D032BB-B314-42A5-808D-5861B909F76F", "versionEndExcluding": "1.11.2", "versionStartIncluding": "1.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}