Vulnerability Details : CVE-2023-34099
Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability.
Products affected by CVE-2023-34099
- cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-34099
- EPSS score: 0.10% (probability of exploitation activity in the next 30 days)
- Percentile: ~42% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-34099
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 | GitHub, Inc. | |
CWE ids for CVE-2023-34099
- The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-34099
- https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2023
  Shopware 5 - Security Updates - Security Update 06/2023 (Patch; Vendor Advisory)
- https://github.com/shopware/shopware/security/advisories/GHSA-gh66-fp7j-98v5
  Improper mail validation · Advisory · shopware5/shopware · GitHub (Vendor Advisory)
- https://www.shopware.com/en/changelog-sw5/#5-7-18
  Shopware Changelog | Shopware (Release Notes)
- https://github.com/shopware5/shopware/commit/39cc714d9a0be33b43877044d0b88ea3c6b43f3d
  SW-27102 - changing custom email validation to PHPs FILTER_VALIDATE_E… · shopware5/shopware@39cc714 · GitHub (Patch)