cvelistv5 - CVE-2022-24743

CVE-2022-24743 (GCVE-0-2022-24743)

Vulnerability from cvelistv5

Published

2022-03-14 21:00

Modified

2025-04-22 18:18

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CWE

CWE-613 - Insufficient Session Expiration

Summary

Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\Bundle\ApiBundle\CommandHandler\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.

References

URL	Tags
security-advisories@github.com	https://github.com/Sylius/Sylius/releases/tag/v1.10.11	Third Party Advisory
security-advisories@github.com	https://github.com/Sylius/Sylius/releases/tag/v1.11.2	Third Party Advisory
security-advisories@github.com	https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Sylius/Sylius/releases/tag/v1.10.11	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Sylius/Sylius/releases/tag/v1.11.2	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	Sylius	Sylius	Version: < 1.10.11 Version: >= 1.11.0, < 1.11.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-24743",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:49:17.884088Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T18:18:50.307Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sylius",
          "vendor": "Sylius",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.10.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.11.0, \u003c 1.11.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613: Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-14T21:00:14.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
        }
      ],
      "source": {
        "advisory": "GHSA-mf3v-f2qq-pf9g",
        "discovery": "UNKNOWN"
      },
      "title": "Insufficient Session Expiration in Sylius",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24743",
          "STATE": "PUBLIC",
          "TITLE": "Insufficient Session Expiration in Sylius"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Sylius",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.10.11"
                          },
                          {
                            "version_value": "\u003e= 1.11.0, \u003c 1.11.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Sylius"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-613: Insufficient Session Expiration"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11",
              "refsource": "MISC",
              "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
            },
            {
              "name": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2",
              "refsource": "MISC",
              "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
            },
            {
              "name": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g",
              "refsource": "CONFIRM",
              "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-mf3v-f2qq-pf9g",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-24743",
    "datePublished": "2022-03-14T21:00:14.000Z",
    "dateReserved": "2022-02-10T00:00:00.000Z",
    "dateUpdated": "2025-04-22T18:18:50.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24743\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-03-14T21:15:07.947\",\"lastModified\":\"2024-11-21T06:50:59.970\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\\\Bundle\\\\ApiBundle\\\\CommandHandler\\\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.\"},{\"lang\":\"es\",\"value\":\"Sylius es una plataforma de comercio electr\u00f3nico de c\u00f3digo abierto. En versiones anteriores a 1.10.11 y 1.11.2, el token de restablecimiento de contrase\u00f1a no se establec\u00eda como nulo despu\u00e9s de cambiar la contrase\u00f1a. El mismo token pod\u00eda ser usado varias veces, lo que pod\u00eda resultar en un filtrado del token existente y a un cambio de contrase\u00f1a no autorizado. El problema ha sido corregido en versiones 1.10.11 y 1.11.2. Como medida de mitigaci\u00f3n, sobrescriba la clase \\\"Sylius\\\\Bundle\\\\ApiBundle\\\\CommandHandler\\\\ResetPasswordHandler\\\" con el c\u00f3digo proporcionado por los mantenedores y reg\u00edstrela en un contenedor. M\u00e1s informaci\u00f3n sobre esta medida de mitigaci\u00f3n est\u00e1 disponible en el aviso de seguridad de GitHub\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.10.0\",\"versionEndExcluding\":\"1.10.11\",\"matchCriteriaId\":\"687E9BB6-A926-4A62-B44E-7A1B236D6C6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.11.0\",\"versionEndExcluding\":\"1.11.2\",\"matchCriteriaId\":\"D4D032BB-B314-42A5-808D-5861B909F76F\"}]}]}],\"references\":[{\"url\":\"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:20:50.484Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24743\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T15:49:17.884088Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T15:49:19.484Z\"}}], \"cna\": {\"title\": \"Insufficient Session Expiration in Sylius\", \"source\": {\"advisory\": \"GHSA-mf3v-f2qq-pf9g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Sylius\", \"product\": \"Sylius\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.10.11\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.11.0, \u003c 1.11.2\"}]}], \"references\": [{\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\\\Bundle\\\\ApiBundle\\\\CommandHandler\\\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-613\", \"description\": \"CWE-613: Insufficient Session Expiration\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-03-14T21:00:14.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, \"source\": {\"advisory\": \"GHSA-mf3v-f2qq-pf9g\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"\u003c 1.10.11\"}, {\"version_value\": \"\u003e= 1.11.0, \u003c 1.11.2\"}]}, \"product_name\": \"Sylius\"}]}, \"vendor_name\": \"Sylius\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\", \"name\": \"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\", \"name\": \"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\", \"name\": \"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\\\Bundle\\\\ApiBundle\\\\CommandHandler\\\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-613: Insufficient Session Expiration\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-24743\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Insufficient Session Expiration in Sylius\", \"ASSIGNER\": \"security-advisories@github.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-24743\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-22T18:18:50.307Z\", \"dateReserved\": \"2022-02-10T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-03-14T21:00:14.000Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

gsd-2022-24743

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-24743

Aliases

CVE-2022-24743

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-24743",
    "description": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.",
    "id": "GSD-2022-24743"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-24743"
      ],
      "details": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.",
      "id": "GSD-2022-24743",
      "modified": "2023-12-13T01:19:43.223376Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-24743",
        "STATE": "PUBLIC",
        "TITLE": "Insufficient Session Expiration in Sylius"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Sylius",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.10.11"
                        },
                        {
                          "version_value": "\u003e= 1.11.0, \u003c 1.11.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Sylius"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-613: Insufficient Session Expiration"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11",
            "refsource": "MISC",
            "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
          },
          {
            "name": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2",
            "refsource": "MISC",
            "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
          },
          {
            "name": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g",
            "refsource": "CONFIRM",
            "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-mf3v-f2qq-pf9g",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=1.10.0,\u003c1.10.11||\u003e=1.11.0,\u003c1.11.2",
          "affected_versions": "All versions starting from 1.10.0 before 1.10.11, all versions starting from 1.11.0 before 1.11.2",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-613",
            "CWE-937"
          ],
          "date": "2022-03-22",
          "description": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.",
          "fixed_versions": [
            "1.10.11",
            "1.11.2"
          ],
          "identifier": "CVE-2022-24743",
          "identifiers": [
            "CVE-2022-24743",
            "GHSA-mf3v-f2qq-pf9g"
          ],
          "not_impacted": "All versions before 1.10.0, all versions starting from 1.10.11 before 1.11.0, all versions starting from 1.11.2",
          "package_slug": "packagist/sylius/sylius",
          "pubdate": "2022-03-14",
          "solution": "Upgrade to versions 1.10.11, 1.11.2 or above.",
          "title": "Insufficient Session Expiration",
          "urls": [
            "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-24743",
            "https://github.com/Sylius/Sylius/releases/tag/v1.10.11",
            "https://github.com/Sylius/Sylius/releases/tag/v1.11.2",
            "https://github.com/advisories/GHSA-mf3v-f2qq-pf9g"
          ],
          "uuid": "25e85467-cb8d-4dcd-a071-3210d3201b0b"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.10.11",
                "versionStartIncluding": "1.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.11.2",
                "versionStartIncluding": "1.11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24743"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-613"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
            },
            {
              "name": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
            },
            {
              "name": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.2
        }
      },
      "lastModifiedDate": "2022-03-22T15:06Z",
      "publishedDate": "2022-03-14T21:15Z"
    }
  }
}

ghsa-mf3v-f2qq-pf9g

Vulnerability from github

Published

2022-03-14 22:30

Modified

2022-03-15 21:48

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Summary

Insufficient Session Expiration in Sylius

Details

Impact

The reset password token was not set to null after the password was changed. This is causing behaviour in which the same token can be used several times, so it can result in a leak of the existing token and an unauthorised password change.

Patches

The issue is fixed in versions: 1.10.11, 1.11.2 and above

Workarounds

You have to overwrite your Sylius\Bundle\ApiBundle\CommandHandler\ResetPasswordHandler class using this code:

```php <?php declare(strict_types=1);

namespace App\CommandHandler\Account;

use Sylius\Bundle\ApiBundle\Command\Account\ResetPassword; use Sylius\Component\Core\Model\ShopUserInterface; use Sylius\Component\Resource\Metadata\MetadataInterface; use Sylius\Component\User\Repository\UserRepositoryInterface; use Sylius\Component\User\Security\PasswordUpdaterInterface; use Symfony\Component\Messenger\Handler\MessageHandlerInterface; use Webmozart\Assert\Assert;

final class ResetPasswordHandler implements MessageHandlerInterface { private UserRepositoryInterface $userRepository; private MetadataInterface $metadata; private PasswordUpdaterInterface $passwordUpdater;

public function __construct(
    UserRepositoryInterface $userRepository,
    MetadataInterface $metadata,
    PasswordUpdaterInterface $passwordUpdater
) {
    $this->userRepository = $userRepository;
    $this->metadata = $metadata;
    $this->passwordUpdater = $passwordUpdater;
}

public function __invoke(ResetPassword $command): void
{
    /** @var ShopUserInterface|null $user */
    $user = $this->userRepository->findOneBy(['passwordResetToken' => $command->resetPasswordToken]);

    Assert::notNull($user, 'No user found with reset token: ' . $command->resetPasswordToken);

    $resetting = $this->metadata->getParameter('resetting');
    $lifetime = new \DateInterval($resetting['token']['ttl']);

    if (!$user->isPasswordRequestNonExpired($lifetime)) {
        throw new \InvalidArgumentException('Password reset token has expired');
    }

    if ($command->resetPasswordToken !== $user->getPasswordResetToken()) {
        throw new \InvalidArgumentException('Password reset token does not match.');
    }

    $user->setPlainPassword($command->newPassword);

    $this->passwordUpdater->updatePassword($user);
    $user->setPasswordResetToken(null);
}

} ``` And register it in container:

```yaml

App\CommandHandler\Account\ResetPasswordHandler: arguments: - '@sylius.repository.shop_user' - !service class: Sylius\Component\Resource\Metadata\MetadataInterface factory: [ '@sylius.resource_registry', 'get' ] arguments: - 'sylius.shop_user' - '@sylius.security.password_updater' tags: - { name: messenger.message_handler, bus: sylius.command_bus } - { name: messenger.message_handler, bus: sylius_default.bus }

```

For more information

If you have any questions or comments about this advisory: * Open an issue in Sylius issues * Email us at security@sylius.com

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.10.0"
            },
            {
              "fixed": "1.10.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11.0"
            },
            {
              "fixed": "1.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24743"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-14T22:30:46Z",
    "nvd_published_at": "2022-03-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe reset password token was not set to null after the password was changed. This is causing behaviour in which the same token can be used several times, so it can result in a leak of the existing token and an unauthorised password change.\n\n### Patches\nThe issue is fixed in versions: 1.10.11, 1.11.2 and above\n\n### Workarounds\nYou have to overwrite your `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class using this code:\n\n```php\n\u003c?php\ndeclare(strict_types=1);\n\nnamespace App\\CommandHandler\\Account;\n\nuse Sylius\\Bundle\\ApiBundle\\Command\\Account\\ResetPassword;\nuse Sylius\\Component\\Core\\Model\\ShopUserInterface;\nuse Sylius\\Component\\Resource\\Metadata\\MetadataInterface;\nuse Sylius\\Component\\User\\Repository\\UserRepositoryInterface;\nuse Sylius\\Component\\User\\Security\\PasswordUpdaterInterface;\nuse Symfony\\Component\\Messenger\\Handler\\MessageHandlerInterface;\nuse Webmozart\\Assert\\Assert;\n\nfinal class ResetPasswordHandler implements MessageHandlerInterface\n{\n    private UserRepositoryInterface $userRepository;\n    private MetadataInterface $metadata;\n    private PasswordUpdaterInterface $passwordUpdater;\n\n    public function __construct(\n        UserRepositoryInterface $userRepository,\n        MetadataInterface $metadata,\n        PasswordUpdaterInterface $passwordUpdater\n    ) {\n        $this-\u003euserRepository = $userRepository;\n        $this-\u003emetadata = $metadata;\n        $this-\u003epasswordUpdater = $passwordUpdater;\n    }\n\n    public function __invoke(ResetPassword $command): void\n    {\n        /** @var ShopUserInterface|null $user */\n        $user = $this-\u003euserRepository-\u003efindOneBy([\u0027passwordResetToken\u0027 =\u003e $command-\u003eresetPasswordToken]);\n\n        Assert::notNull($user, \u0027No user found with reset token: \u0027 . $command-\u003eresetPasswordToken);\n\n        $resetting = $this-\u003emetadata-\u003egetParameter(\u0027resetting\u0027);\n        $lifetime = new \\DateInterval($resetting[\u0027token\u0027][\u0027ttl\u0027]);\n\n        if (!$user-\u003eisPasswordRequestNonExpired($lifetime)) {\n            throw new \\InvalidArgumentException(\u0027Password reset token has expired\u0027);\n        }\n\n        if ($command-\u003eresetPasswordToken !== $user-\u003egetPasswordResetToken()) {\n            throw new \\InvalidArgumentException(\u0027Password reset token does not match.\u0027);\n        }\n\n        $user-\u003esetPlainPassword($command-\u003enewPassword);\n\n        $this-\u003epasswordUpdater-\u003eupdatePassword($user);\n        $user-\u003esetPasswordResetToken(null);\n    }\n}\n```\nAnd register it in container:\n\n```yaml\n\nApp\\CommandHandler\\Account\\ResetPasswordHandler:\n    arguments:\n        - \u0027@sylius.repository.shop_user\u0027\n        - !service\n              class: Sylius\\Component\\Resource\\Metadata\\MetadataInterface\n              factory: [ \u0027@sylius.resource_registry\u0027, \u0027get\u0027 ]\n              arguments:\n                    - \u0027sylius.shop_user\u0027\n                    - \u0027@sylius.security.password_updater\u0027\n    tags:\n        - { name: messenger.message_handler, bus: sylius.command_bus }\n        - { name: messenger.message_handler, bus: sylius_default.bus }\n         \n```\n\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Sylius issues](https://github.com/Sylius/Sylius/issues)\n* Email us at [security@sylius.com](mailto:security@sylius.com)\n",
  "id": "GHSA-mf3v-f2qq-pf9g",
  "modified": "2022-03-15T21:48:34Z",
  "published": "2022-03-14T22:30:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24743"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Sylius/Sylius"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insufficient Session Expiration in Sylius"
}

cnvd-2022-20524

Vulnerability from cnvd

Title: Sylius代码问题漏洞

Description:

Sylius是波兰Sylius公司的一套基于Symfony框架的开源电子商务平台。

Sylius存在代码问题漏洞，该漏洞可能导致现有令牌泄漏和未经授权的密码更改。目前没有详细的漏洞细节提供。

Severity: 高

Patch Name: Sylius代码问题漏洞的补丁

Patch Description:

Sylius是波兰Sylius公司的一套基于Symfony框架的开源电子商务平台。

Sylius存在代码问题漏洞，该漏洞可能导致现有令牌泄漏和未经授权的密码更改。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g

Reference: https://cxsecurity.com/cveshow/CVE-2022-24743/

Impacted products

Name
sylius Sylius

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-24743"
    }
  },
  "description": "Sylius\u662f\u6ce2\u5170Sylius\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eSymfony\u6846\u67b6\u7684\u5f00\u6e90\u7535\u5b50\u5546\u52a1\u5e73\u53f0\u3002\n\nSylius\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u73b0\u6709\u4ee4\u724c\u6cc4\u6f0f\u548c\u672a\u7ecf\u6388\u6743\u7684\u5bc6\u7801\u66f4\u6539\u3002 \u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-20524",
  "openTime": "2022-03-18",
  "patchDescription": "Sylius\u662f\u6ce2\u5170Sylius\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eSymfony\u6846\u67b6\u7684\u5f00\u6e90\u7535\u5b50\u5546\u52a1\u5e73\u53f0\u3002\r\n\r\nSylius\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u73b0\u6709\u4ee4\u724c\u6cc4\u6f0f\u548c\u672a\u7ecf\u6388\u6743\u7684\u5bc6\u7801\u66f4\u6539\u3002 \u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sylius\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "sylius Sylius"
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2022-24743/",
  "serverity": "\u9ad8",
  "submitTime": "2022-03-16",
  "title": "Sylius\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

fkie_cve-2022-24743

Vulnerability from fkie_nvd

Published

2022-03-14 21:15

Modified

2024-11-21 06:50

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/Sylius/Sylius/releases/tag/v1.10.11	Third Party Advisory
security-advisories@github.com	https://github.com/Sylius/Sylius/releases/tag/v1.11.2	Third Party Advisory
security-advisories@github.com	https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Sylius/Sylius/releases/tag/v1.10.11	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Sylius/Sylius/releases/tag/v1.11.2	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	sylius	sylius	*
	sylius	sylius	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "687E9BB6-A926-4A62-B44E-7A1B236D6C6F",
              "versionEndExcluding": "1.10.11",
              "versionStartIncluding": "1.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D032BB-B314-42A5-808D-5861B909F76F",
              "versionEndExcluding": "1.11.2",
              "versionStartIncluding": "1.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory."
    },
    {
      "lang": "es",
      "value": "Sylius es una plataforma de comercio electr\u00f3nico de c\u00f3digo abierto. En versiones anteriores a 1.10.11 y 1.11.2, el token de restablecimiento de contrase\u00f1a no se establec\u00eda como nulo despu\u00e9s de cambiar la contrase\u00f1a. El mismo token pod\u00eda ser usado varias veces, lo que pod\u00eda resultar en un filtrado del token existente y a un cambio de contrase\u00f1a no autorizado. El problema ha sido corregido en versiones 1.10.11 y 1.11.2. Como medida de mitigaci\u00f3n, sobrescriba la clase \"Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler\" con el c\u00f3digo proporcionado por los mantenedores y reg\u00edstrela en un contenedor. M\u00e1s informaci\u00f3n sobre esta medida de mitigaci\u00f3n est\u00e1 disponible en el aviso de seguridad de GitHub"
    }
  ],
  "id": "CVE-2022-24743",
  "lastModified": "2024-11-21T06:50:59.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-14T21:15:07.947",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-24743 (GCVE-0-2022-24743)

Vulnerability from cvelistv5

gsd-2022-24743

Vulnerability from gsd

ghsa-mf3v-f2qq-pf9g

Vulnerability from github

Impact

Patches

Workarounds

For more information

cnvd-2022-20524

Vulnerability from cnvd

fkie_cve-2022-24743

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature