CVE-2022-47406

2022-12-1421:15:13

CWE-613

[email protected]

web.nvd.nist.gov

typo3

fe_change_pwd

extension

cve-2022-47406

security issue

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.

Affected configurations

NVD

Node

change_password_for_frontend_users_projectchange_password_for_frontend_usersRange<2.0.5typo3

change_password_for_frontend_users_projectchange_password_for_frontend_usersRange3.0.0–3.0.3typo3

CPENameOperatorVersion
change_password_for_frontend_users_project:change_password_for_frontend_userschange password for frontend users project change password for frontend userslt2.0.5
change_password_for_frontend_users_project:change_password_for_frontend_userschange password for frontend users project change password for frontend userslt3.0.3

CPE	Name	Operator	Version
change_password_for_frontend_users_project:change_password_for_frontend_users	change password for frontend users project change password for frontend users	lt	2.0.5
change_password_for_frontend_users_project:change_password_for_frontend_users	change password for frontend users project change password for frontend users	lt	3.0.3