Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tZ2oyLXE4d3AtMjlycs4AAwSY

TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset

Problem

When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions.

Solution

Update to TYPO3 version 10.4.33, 11.5.20, or 12.1.1, which fix the problem described above.

References

Permalink: https://github.com/advisories/GHSA-mgj2-q8wp-29rr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tZ2oyLXE4d3AtMjlycs4AAwSY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 months ago
Updated: 4 months ago


CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Identifiers: GHSA-mgj2-q8wp-29rr, CVE-2022-23502

Affected Packages

packagist:typo3/cms
Versions: >= 12.0.0, < 12.1.1; >= 11.0.0, < 11.5.20; >= 10.0.0, < 10.4.33
Fixed in: 12.1.1, 11.5.20, 10.4.33
packagist:typo3/cms-core
Versions: >= 12.0.0, < 12.1.1; >= 11.0.0, < 11.5.20; >= 10.0.0, < 10.4.33
Fixed in: 12.1.1, 11.5.20, 10.4.33