Описание
Typo3 Security Misconfiguration in User Session Handling
When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability.
Пакеты
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 8.0.0, < 8.7.25
8.7.25
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 9.0.0, < 9.5.6
9.5.6