CVE-2020-13997

High

In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error…

mitre·CWE-209·Published 2020-07-28

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

153 chars

In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled.

NVDen

153 chars

In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled.

In Shopware 6 before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. This vulnerability does not affect the shopware 5 release branch (`shopware/shopware` on packagist).

GHSAen

256 chars

NVDes

206 chars

En Shopware versiones anteriores a 6.2.3, la contraseña de la base de datos es filtrada a un usuario no autenticado cuando ocurre una excepción DriverException y el manejo detallado de errores es habilitado

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	GHSA	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N