Lucene search

MitreCVELIST:CVE-2022-47406

HistoryDec 14, 2022 - 12:00 a.m.

CVE-2022-47406

2022-12-1400:00:00

mitre

www.cve.org

typo3

fe_change_pwd extension

password change

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

58.4%

JSON

An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.

References

typo3.org/security/advisory/typo3-ext-sa-2022-016

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

58.4%

JSON

Related for CVELIST:CVE-2022-47406