CVE-2022-24742

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content.

Related Vulnerabilities

CVE-2008-3893

MEDIUM
CVSS:5.5(Medium)

Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sens...

CWE-2002008

CVE-2010-2538

MEDIUM
CVSS:5.5(Medium)

Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call.

CWE-2002010

CVE-2010-3078

MEDIUM
CVSS:5.5(Medium)

The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sen...

CWE-2002010

CVE-2011-2898

MEDIUM
CVSS:5.5(Medium)

net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows loc...

CWE-2002011

CVE-2011-4915

MEDIUM
CVSS:5.5(Medium)

fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.

CWE-2002011

CVE-2011-4916

MEDIUM
CVSS:5.5(Medium)

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.

CWE-2002011