CVE-2021-32717: Sensitive Information Exposure in Platform

Severity
7.5 HIGH (NVD)
EPSS
0.3%
top 43.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 24
Latest update: Apr 9

Description

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1, private files are publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommended to first change their configuration to set the correct visibility according to the documentation. The visibility must be at the same level as `type`. When the storage is on Amazon AWS, we recommend disabling public access to the bucket containing the private files: https://docs.aws.amazon.com/AmazonS3/

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5: shopware/platform < 6.4.1.1
Packagist: shopware/platform < 6.4.1.1
NVD: shopware/shopware 6.1.0 - 6.4.1.1

Patches

🔴 Vulnerability Details

OSV: Exposure of Sensitive Information to an Unauthorized Actor (2021-09-08)
GHSA: Exposure of Sensitive Information to an Unauthorized Actor (2021-09-08)

🕵️ Threat Intelligence

Wiz: IOC Security: The Role Of Indicators Of Compromise In Threat Detection | Wiz (2025-04-09)