CVE-2022-24742

More information about this CVE will likely be available in a few days.

Description

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content.

Related CPE's

Could not find any relations

References

https://github.com/Sylius/Sylius/releases/tag/v1.11.2

https://github.com/Sylius/Sylius/security/advisories/GHSA-7563-75j9-6h5p

https://github.com/Sylius/Sylius/releases/tag/v1.9.10

https://github.com/Sylius/Sylius/releases/tag/v1.10.11

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io