CVE-2022-47406

Опубликовано: 14 дек. 2022

Источник: nvd

CVSS3: 5.4

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.

Ссылки

https://typo3.org/security/advisory/typo3-ext-sa-2022-016
Patch
Vendor Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2022-016
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:change_password_for_frontend_users_project:change_password_for_frontend_users:*:*:*:*:*:typo3:*:*

Версия до 2.0.5 (исключая)

cpe:2.3:a:change_password_for_frontend_users_project:change_password_for_frontend_users:*:*:*:*:*:typo3:*:*

Версия от 3.0.0 (включая) до 3.0.3 (исключая)

EPSS

Процентиль: 49%

0.00259

Низкий

5.4 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-613

Связанные уязвимости

GHSA-53mm-hx32-6475

CVSS3: 9.8

github

около 3 лет назад

TYPO3 vulnerable to Insufficient Session Expiration

EPSS

Процентиль: 49%

0.00259

Низкий

5.4 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-613