CVE-2022-47406

CRITICAL9.8EPSS 0.26%

TYPO3 vulnerable to Insufficient Session Expiration

發布日:2022/12/14修改日:2023/11/8

描述

An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.

受影響套件(2)

Packagist/derhansen/fe_change_pwd>= 3.0.0, < 3.0.3
Packagist/typo3/cmsfrom 0, < 2.0.5

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-47406
PATCHhttps://github.com/TYPO3/typo3
WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/derhansen/fe_change_pwd/CVE-2022-47406.yaml
WEBhttps://typo3.org/security/advisory/typo3-ext-sa-2022-016