Description
TYPO3 Security Misconfiguration in User Session Handling
When users change their password, existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability.
References
- https://github.com/TYPO3-CMS/core/commit/437bf78c0ef64a059c7feaa5164f6f028507b425
- https://github.com/TYPO3-CMS/core/commit/e21f0e5d29b68a7e64448762b3f86ac24d36627f
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-05-07-2.yaml
- https://typo3.org/security/advisory/typo3-core-sa-2019-011
Packages
- Name: typo3/cms-core (composer)
  Affected versions: >= 8.0.0, < 8.7.25
  Fixed version: 8.7.25
- Name: typo3/cms-core (composer)
  Affected versions: >= 9.0.0, < 9.5.6
  Fixed version: 9.5.6
CVSS3: 6.5 Medium
Weaknesses
- CWE-384