What is CVE-2021-32717?

CVE-2021-32717 is a high-severity vulnerability in Shopware Platform, classified under Information Disclosure. CVSS score: 7.5/10. Published 2021-06-24.

How severe is CVE-2021-32717?

High severity. CVSS v3 base score is 7.5 out of 10.

Information disclosure in Shopware Platform

CVE-2021-32717

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommend to first change their configuration to set the cor…

Vulnerability class: Information Disclosure

EPSS: 0.003 (56.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Shopware Platform — versions < 6.4.1.1

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

docs.shopware.com/en/shopware-6-en/security-updates/security-update-06-2021 (x_refsource_MISC)
github.com/shopware/platform/security/advisories/GHSA-vrf2-xghr-j52v (x_refsource_CONFIRM)
github.com/shopware/platform/commit/ba52f683372b8417a00e9014f481ed3d539f34b3 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-32717?: CVE-2021-32717 is a high-severity vulnerability in Shopware Platform, classified under Information Disclosure. CVSS score: 7.5/10. Published 2021-06-24.
How severe is CVE-2021-32717?: High severity. CVSS v3 base score is 7.5 out of 10.