cvelistv5 - cve-2022-24743

CVE-2022-24743 (GCVE-0-2022-24743)

Vulnerability from cvelistv5 – Published: 2022-03-14 21:00 – Updated: 2025-04-22 18:18

Title

Insufficient Session Expiration in Sylius

Summary

Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\Bundle\ApiBundle\CommandHandler\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CWE

CWE-613 - Insufficient Session Expiration

Assigner

GitHub_M

References

URL

Tags

	https://github.com/Sylius/Sylius/releases/tag/v1.10.11	x_refsource_MISC
	https://github.com/Sylius/Sylius/releases/tag/v1.11.2	x_refsource_MISC
	https://github.com/Sylius/Sylius/security/advisor…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Sylius	Sylius	Affected: < 1.10.11 Affected: >= 1.11.0, < 1.11.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-24743",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:49:17.884088Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T18:18:50.307Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sylius",
          "vendor": "Sylius",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.10.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.11.0, \u003c 1.11.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613: Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-14T21:00:14.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
        }
      ],
      "source": {
        "advisory": "GHSA-mf3v-f2qq-pf9g",
        "discovery": "UNKNOWN"
      },
      "title": "Insufficient Session Expiration in Sylius",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24743",
          "STATE": "PUBLIC",
          "TITLE": "Insufficient Session Expiration in Sylius"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Sylius",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.10.11"
                          },
                          {
                            "version_value": "\u003e= 1.11.0, \u003c 1.11.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Sylius"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-613: Insufficient Session Expiration"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11",
              "refsource": "MISC",
              "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
            },
            {
              "name": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2",
              "refsource": "MISC",
              "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
            },
            {
              "name": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g",
              "refsource": "CONFIRM",
              "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-mf3v-f2qq-pf9g",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-24743",
    "datePublished": "2022-03-14T21:00:14.000Z",
    "dateReserved": "2022-02-10T00:00:00.000Z",
    "dateUpdated": "2025-04-22T18:18:50.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.10.0\", \"versionEndExcluding\": \"1.10.11\", \"matchCriteriaId\": \"687E9BB6-A926-4A62-B44E-7A1B236D6C6F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.11.0\", \"versionEndExcluding\": \"1.11.2\", \"matchCriteriaId\": \"D4D032BB-B314-42A5-808D-5861B909F76F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\\\Bundle\\\\ApiBundle\\\\CommandHandler\\\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.\"}, {\"lang\": \"es\", \"value\": \"Sylius es una plataforma de comercio electr\\u00f3nico de c\\u00f3digo abierto. En versiones anteriores a 1.10.11 y 1.11.2, el token de restablecimiento de contrase\\u00f1a no se establec\\u00eda como nulo despu\\u00e9s de cambiar la contrase\\u00f1a. El mismo token pod\\u00eda ser usado varias veces, lo que pod\\u00eda resultar en un filtrado del token existente y a un cambio de contrase\\u00f1a no autorizado. El problema ha sido corregido en versiones 1.10.11 y 1.11.2. Como medida de mitigaci\\u00f3n, sobrescriba la clase \\\"Sylius\\\\Bundle\\\\ApiBundle\\\\CommandHandler\\\\ResetPasswordHandler\\\" con el c\\u00f3digo proporcionado por los mantenedores y reg\\u00edstrela en un contenedor. M\\u00e1s informaci\\u00f3n sobre esta medida de mitigaci\\u00f3n est\\u00e1 disponible en el aviso de seguridad de GitHub\"}]",
      "id": "CVE-2022-24743",
      "lastModified": "2024-11-21T06:50:59.970",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-03-14T21:15:07.947",
      "references": "[{\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-613\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-613\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24743\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-03-14T21:15:07.947\",\"lastModified\":\"2024-11-21T06:50:59.970\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\\\Bundle\\\\ApiBundle\\\\CommandHandler\\\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.\"},{\"lang\":\"es\",\"value\":\"Sylius es una plataforma de comercio electr\u00f3nico de c\u00f3digo abierto. En versiones anteriores a 1.10.11 y 1.11.2, el token de restablecimiento de contrase\u00f1a no se establec\u00eda como nulo despu\u00e9s de cambiar la contrase\u00f1a. El mismo token pod\u00eda ser usado varias veces, lo que pod\u00eda resultar en un filtrado del token existente y a un cambio de contrase\u00f1a no autorizado. El problema ha sido corregido en versiones 1.10.11 y 1.11.2. Como medida de mitigaci\u00f3n, sobrescriba la clase \\\"Sylius\\\\Bundle\\\\ApiBundle\\\\CommandHandler\\\\ResetPasswordHandler\\\" con el c\u00f3digo proporcionado por los mantenedores y reg\u00edstrela en un contenedor. M\u00e1s informaci\u00f3n sobre esta medida de mitigaci\u00f3n est\u00e1 disponible en el aviso de seguridad de GitHub\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.10.0\",\"versionEndExcluding\":\"1.10.11\",\"matchCriteriaId\":\"687E9BB6-A926-4A62-B44E-7A1B236D6C6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.11.0\",\"versionEndExcluding\":\"1.11.2\",\"matchCriteriaId\":\"D4D032BB-B314-42A5-808D-5861B909F76F\"}]}]}],\"references\":[{\"url\":\"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:20:50.484Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24743\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T15:49:17.884088Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T15:49:19.484Z\"}}], \"cna\": {\"title\": \"Insufficient Session Expiration in Sylius\", \"source\": {\"advisory\": \"GHSA-mf3v-f2qq-pf9g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Sylius\", \"product\": \"Sylius\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.10.11\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.11.0, \u003c 1.11.2\"}]}], \"references\": [{\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\\\Bundle\\\\ApiBundle\\\\CommandHandler\\\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-613\", \"description\": \"CWE-613: Insufficient Session Expiration\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-03-14T21:00:14.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, \"source\": {\"advisory\": \"GHSA-mf3v-f2qq-pf9g\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"\u003c 1.10.11\"}, {\"version_value\": \"\u003e= 1.11.0, \u003c 1.11.2\"}]}, \"product_name\": \"Sylius\"}]}, \"vendor_name\": \"Sylius\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\", \"name\": \"https://github.com/Sylius/Sylius/releases/tag/v1.10.11\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\", \"name\": \"https://github.com/Sylius/Sylius/releases/tag/v1.11.2\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\", \"name\": \"https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\\\Bundle\\\\ApiBundle\\\\CommandHandler\\\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-613: Insufficient Session Expiration\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-24743\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Insufficient Session Expiration in Sylius\", \"ASSIGNER\": \"security-advisories@github.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-24743\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-22T18:18:50.307Z\", \"dateReserved\": \"2022-02-10T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-03-14T21:00:14.000Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-MF3V-F2QQ-PF9G

Vulnerability from github – Published: 2022-03-14 22:30 – Updated: 2022-03-15 21:48

Summary

Insufficient Session Expiration in Sylius

Details

Impact

The reset password token was not set to null after the password was changed. This is causing behaviour in which the same token can be used several times, so it can result in a leak of the existing token and an unauthorised password change.

Patches

The issue is fixed in versions: 1.10.11, 1.11.2 and above

Workarounds

You have to overwrite your Sylius\Bundle\ApiBundle\CommandHandler\ResetPasswordHandler class using this code:

<?php
declare(strict_types=1);

namespace App\CommandHandler\Account;

use Sylius\Bundle\ApiBundle\Command\Account\ResetPassword;
use Sylius\Component\Core\Model\ShopUserInterface;
use Sylius\Component\Resource\Metadata\MetadataInterface;
use Sylius\Component\User\Repository\UserRepositoryInterface;
use Sylius\Component\User\Security\PasswordUpdaterInterface;
use Symfony\Component\Messenger\Handler\MessageHandlerInterface;
use Webmozart\Assert\Assert;

final class ResetPasswordHandler implements MessageHandlerInterface
{
    private UserRepositoryInterface $userRepository;
    private MetadataInterface $metadata;
    private PasswordUpdaterInterface $passwordUpdater;

    public function __construct(
        UserRepositoryInterface $userRepository,
        MetadataInterface $metadata,
        PasswordUpdaterInterface $passwordUpdater
    ) {
        $this->userRepository = $userRepository;
        $this->metadata = $metadata;
        $this->passwordUpdater = $passwordUpdater;
    }

    public function __invoke(ResetPassword $command): void
    {
        /** @var ShopUserInterface|null $user */
        $user = $this->userRepository->findOneBy(['passwordResetToken' => $command->resetPasswordToken]);

        Assert::notNull($user, 'No user found with reset token: ' . $command->resetPasswordToken);

        $resetting = $this->metadata->getParameter('resetting');
        $lifetime = new \DateInterval($resetting['token']['ttl']);

        if (!$user->isPasswordRequestNonExpired($lifetime)) {
            throw new \InvalidArgumentException('Password reset token has expired');
        }

        if ($command->resetPasswordToken !== $user->getPasswordResetToken()) {
            throw new \InvalidArgumentException('Password reset token does not match.');
        }

        $user->setPlainPassword($command->newPassword);

        $this->passwordUpdater->updatePassword($user);
        $user->setPasswordResetToken(null);
    }
}

And register it in container:


App\CommandHandler\Account\ResetPasswordHandler:
    arguments:
        - '@sylius.repository.shop_user'
        - !service
              class: Sylius\Component\Resource\Metadata\MetadataInterface
              factory: [ '@sylius.resource_registry', 'get' ]
              arguments:
                    - 'sylius.shop_user'
                    - '@sylius.security.password_updater'
    tags:
        - { name: messenger.message_handler, bus: sylius.command_bus }
        - { name: messenger.message_handler, bus: sylius_default.bus }

For more information

If you have any questions or comments about this advisory: * Open an issue in Sylius issues * Email us at security@sylius.com

Severity ?

7.1 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.10.0"
            },
            {
              "fixed": "1.10.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sylius/sylius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11.0"
            },
            {
              "fixed": "1.11.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24743"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-14T22:30:46Z",
    "nvd_published_at": "2022-03-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe reset password token was not set to null after the password was changed. This is causing behaviour in which the same token can be used several times, so it can result in a leak of the existing token and an unauthorised password change.\n\n### Patches\nThe issue is fixed in versions: 1.10.11, 1.11.2 and above\n\n### Workarounds\nYou have to overwrite your `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class using this code:\n\n```php\n\u003c?php\ndeclare(strict_types=1);\n\nnamespace App\\CommandHandler\\Account;\n\nuse Sylius\\Bundle\\ApiBundle\\Command\\Account\\ResetPassword;\nuse Sylius\\Component\\Core\\Model\\ShopUserInterface;\nuse Sylius\\Component\\Resource\\Metadata\\MetadataInterface;\nuse Sylius\\Component\\User\\Repository\\UserRepositoryInterface;\nuse Sylius\\Component\\User\\Security\\PasswordUpdaterInterface;\nuse Symfony\\Component\\Messenger\\Handler\\MessageHandlerInterface;\nuse Webmozart\\Assert\\Assert;\n\nfinal class ResetPasswordHandler implements MessageHandlerInterface\n{\n    private UserRepositoryInterface $userRepository;\n    private MetadataInterface $metadata;\n    private PasswordUpdaterInterface $passwordUpdater;\n\n    public function __construct(\n        UserRepositoryInterface $userRepository,\n        MetadataInterface $metadata,\n        PasswordUpdaterInterface $passwordUpdater\n    ) {\n        $this-\u003euserRepository = $userRepository;\n        $this-\u003emetadata = $metadata;\n        $this-\u003epasswordUpdater = $passwordUpdater;\n    }\n\n    public function __invoke(ResetPassword $command): void\n    {\n        /** @var ShopUserInterface|null $user */\n        $user = $this-\u003euserRepository-\u003efindOneBy([\u0027passwordResetToken\u0027 =\u003e $command-\u003eresetPasswordToken]);\n\n        Assert::notNull($user, \u0027No user found with reset token: \u0027 . $command-\u003eresetPasswordToken);\n\n        $resetting = $this-\u003emetadata-\u003egetParameter(\u0027resetting\u0027);\n        $lifetime = new \\DateInterval($resetting[\u0027token\u0027][\u0027ttl\u0027]);\n\n        if (!$user-\u003eisPasswordRequestNonExpired($lifetime)) {\n            throw new \\InvalidArgumentException(\u0027Password reset token has expired\u0027);\n        }\n\n        if ($command-\u003eresetPasswordToken !== $user-\u003egetPasswordResetToken()) {\n            throw new \\InvalidArgumentException(\u0027Password reset token does not match.\u0027);\n        }\n\n        $user-\u003esetPlainPassword($command-\u003enewPassword);\n\n        $this-\u003epasswordUpdater-\u003eupdatePassword($user);\n        $user-\u003esetPasswordResetToken(null);\n    }\n}\n```\nAnd register it in container:\n\n```yaml\n\nApp\\CommandHandler\\Account\\ResetPasswordHandler:\n    arguments:\n        - \u0027@sylius.repository.shop_user\u0027\n        - !service\n              class: Sylius\\Component\\Resource\\Metadata\\MetadataInterface\n              factory: [ \u0027@sylius.resource_registry\u0027, \u0027get\u0027 ]\n              arguments:\n                    - \u0027sylius.shop_user\u0027\n                    - \u0027@sylius.security.password_updater\u0027\n    tags:\n        - { name: messenger.message_handler, bus: sylius.command_bus }\n        - { name: messenger.message_handler, bus: sylius_default.bus }\n         \n```\n\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Sylius issues](https://github.com/Sylius/Sylius/issues)\n* Email us at [security@sylius.com](mailto:security@sylius.com)\n",
  "id": "GHSA-mf3v-f2qq-pf9g",
  "modified": "2022-03-15T21:48:34Z",
  "published": "2022-03-14T22:30:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24743"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Sylius/Sylius"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insufficient Session Expiration in Sylius"
}

GSD-2022-24743

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-24743

Aliases

CVE-2022-24743

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-24743",
    "description": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.",
    "id": "GSD-2022-24743"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-24743"
      ],
      "details": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.",
      "id": "GSD-2022-24743",
      "modified": "2023-12-13T01:19:43.223376Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-24743",
        "STATE": "PUBLIC",
        "TITLE": "Insufficient Session Expiration in Sylius"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Sylius",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.10.11"
                        },
                        {
                          "version_value": "\u003e= 1.11.0, \u003c 1.11.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Sylius"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-613: Insufficient Session Expiration"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11",
            "refsource": "MISC",
            "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
          },
          {
            "name": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2",
            "refsource": "MISC",
            "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
          },
          {
            "name": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g",
            "refsource": "CONFIRM",
            "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-mf3v-f2qq-pf9g",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=1.10.0,\u003c1.10.11||\u003e=1.11.0,\u003c1.11.2",
          "affected_versions": "All versions starting from 1.10.0 before 1.10.11, all versions starting from 1.11.0 before 1.11.2",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-613",
            "CWE-937"
          ],
          "date": "2022-03-22",
          "description": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.",
          "fixed_versions": [
            "1.10.11",
            "1.11.2"
          ],
          "identifier": "CVE-2022-24743",
          "identifiers": [
            "CVE-2022-24743",
            "GHSA-mf3v-f2qq-pf9g"
          ],
          "not_impacted": "All versions before 1.10.0, all versions starting from 1.10.11 before 1.11.0, all versions starting from 1.11.2",
          "package_slug": "packagist/sylius/sylius",
          "pubdate": "2022-03-14",
          "solution": "Upgrade to versions 1.10.11, 1.11.2 or above.",
          "title": "Insufficient Session Expiration",
          "urls": [
            "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-24743",
            "https://github.com/Sylius/Sylius/releases/tag/v1.10.11",
            "https://github.com/Sylius/Sylius/releases/tag/v1.11.2",
            "https://github.com/advisories/GHSA-mf3v-f2qq-pf9g"
          ],
          "uuid": "25e85467-cb8d-4dcd-a071-3210d3201b0b"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.10.11",
                "versionStartIncluding": "1.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.11.2",
                "versionStartIncluding": "1.11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24743"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-613"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
            },
            {
              "name": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
            },
            {
              "name": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.2
        }
      },
      "lastModifiedDate": "2022-03-22T15:06Z",
      "publishedDate": "2022-03-14T21:15Z"
    }
  }
}

CNVD-2022-20524

Vulnerability from cnvd - Published: 2022-03-18

Title

Sylius代码问题漏洞

Description

Sylius是波兰Sylius公司的一套基于Symfony框架的开源电子商务平台。 Sylius存在代码问题漏洞，该漏洞可能导致现有令牌泄漏和未经授权的密码更改。目前没有详细的漏洞细节提供。

Severity

高

Patch Name

Sylius代码问题漏洞的补丁

Patch Description

Sylius是波兰Sylius公司的一套基于Symfony框架的开源电子商务平台。 Sylius存在代码问题漏洞，该漏洞可能导致现有令牌泄漏和未经授权的密码更改。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g

Reference

https://cxsecurity.com/cveshow/CVE-2022-24743/

Impacted products

Name
sylius Sylius

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-24743"
    }
  },
  "description": "Sylius\u662f\u6ce2\u5170Sylius\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eSymfony\u6846\u67b6\u7684\u5f00\u6e90\u7535\u5b50\u5546\u52a1\u5e73\u53f0\u3002\n\nSylius\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u73b0\u6709\u4ee4\u724c\u6cc4\u6f0f\u548c\u672a\u7ecf\u6388\u6743\u7684\u5bc6\u7801\u66f4\u6539\u3002 \u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-20524",
  "openTime": "2022-03-18",
  "patchDescription": "Sylius\u662f\u6ce2\u5170Sylius\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eSymfony\u6846\u67b6\u7684\u5f00\u6e90\u7535\u5b50\u5546\u52a1\u5e73\u53f0\u3002\r\n\r\nSylius\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u73b0\u6709\u4ee4\u724c\u6cc4\u6f0f\u548c\u672a\u7ecf\u6388\u6743\u7684\u5bc6\u7801\u66f4\u6539\u3002 \u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sylius\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "sylius Sylius"
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2022-24743/",
  "serverity": "\u9ad8",
  "submitTime": "2022-03-16",
  "title": "Sylius\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

FKIE_CVE-2022-24743

Vulnerability from fkie_nvd - Published: 2022-03-14 21:15 - Updated: 2024-11-21 06:50

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/Sylius/Sylius/releases/tag/v1.10.11	Third Party Advisory
security-advisories@github.com	https://github.com/Sylius/Sylius/releases/tag/v1.11.2	Third Party Advisory
security-advisories@github.com	https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Sylius/Sylius/releases/tag/v1.10.11	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Sylius/Sylius/releases/tag/v1.11.2	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	sylius	sylius	*
	sylius	sylius	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "687E9BB6-A926-4A62-B44E-7A1B236D6C6F",
              "versionEndExcluding": "1.10.11",
              "versionStartIncluding": "1.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D032BB-B314-42A5-808D-5861B909F76F",
              "versionEndExcluding": "1.11.2",
              "versionStartIncluding": "1.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory."
    },
    {
      "lang": "es",
      "value": "Sylius es una plataforma de comercio electr\u00f3nico de c\u00f3digo abierto. En versiones anteriores a 1.10.11 y 1.11.2, el token de restablecimiento de contrase\u00f1a no se establec\u00eda como nulo despu\u00e9s de cambiar la contrase\u00f1a. El mismo token pod\u00eda ser usado varias veces, lo que pod\u00eda resultar en un filtrado del token existente y a un cambio de contrase\u00f1a no autorizado. El problema ha sido corregido en versiones 1.10.11 y 1.11.2. Como medida de mitigaci\u00f3n, sobrescriba la clase \"Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler\" con el c\u00f3digo proporcionado por los mantenedores y reg\u00edstrela en un contenedor. M\u00e1s informaci\u00f3n sobre esta medida de mitigaci\u00f3n est\u00e1 disponible en el aviso de seguridad de GitHub"
    }
  ],
  "id": "CVE-2022-24743",
  "lastModified": "2024-11-21T06:50:59.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-14T21:15:07.947",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.10.11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Sylius/Sylius/releases/tag/v1.11.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Sylius/Sylius/security/advisories/GHSA-mf3v-f2qq-pf9g"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-24743 (GCVE-0-2022-24743)

GHSA-MF3V-F2QQ-PF9G

Impact

Patches

Workarounds

For more information

GSD-2022-24743

CNVD-2022-20524

FKIE_CVE-2022-24743

Tags

Sightings

Nomenclature