Vulnerabilities > CVE-2022-24742 - Exposure of Resource to Wrong Sphere vulnerability in Sylius

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
sylius
CWE-668
NVD
Published: 2022-03-14
Updated: 2023-06-30

Summary

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content.

Vulnerable Configurations

Part Description Count
Application
Sylius
206

Common Weakness Enumeration (CWE)

References