CVE-2022-23063: Insufficient Session Expiration

May 3, 2022 (updated May 10, 2022)

In Shopizer versions 2.3.0 to 3.0.1 is vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.

References

github.com/shopizer-ecommerce/shopizer/blob/3.0.1/sm-shop/src/main/java/com/salesmanager/shop/store/api/v1/customer/AuthenticateCustomerApi.java
nvd.nist.gov/vuln/detail/CVE-2022-23063
www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23063

Code Behaviors & Features

Detect and mitigate CVE-2022-23063 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →