CVE-2022-47406
CRITICAL9.8EPSS 0.26%TYPO3 vulnerable to Insufficient Session Expiration
Published: 12/14/2022Modified: 11/8/2023
Also known as:GHSA-53mm-hx32-6475
Description
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.
Affected packages (2)
- Packagist/derhansen/fe_change_pwd>= 3.0.0, < 3.0.3
- Packagist/typo3/cmsfrom 0, < 2.0.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |