Lucene search
GitHub Advisory DatabaseGHSA-XMGR-JFF3-FCFVHistoryMay 30, 2024 - 4:17 p.m.
TYPO3 Security Misconfiguration in User Session Handling
2024-05-3016:17:54
CWE-384
GitHub Advisory Database
github.com
3
typo3
security
misconfiguration
user session
password change
vulnerability
user account
AI Score
7.2
Confidence
Low
When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability.
Affected configurations
Node
typo3cms-coreRange9.0.0–9.5.6
ORtypo3cms-coreRange8.0.0–8.7.25
References
github.com/advisories/GHSA-xmgr-jff3-fcfv
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-05-07-2.yaml
github.com/TYPO3-CMS/core/commit/437bf78c0ef64a059c7feaa5164f6f028507b425
github.com/TYPO3-CMS/core/commit/e21f0e5d29b68a7e64448762b3f86ac24d36627f
typo3.org/security/advisory/typo3-core-sa-2019-011
AI Score
7.2
Confidence
Low