Lucene search

[email protected]NVD:CVE-2022-23502

HistoryDec 14, 2022 - 8:15 a.m.

CVE-2022-23502

2022-12-1408:15:10

CWE-613

[email protected]

web.nvd.nist.gov

typo3

php

password reset

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

21.4%

JSON

TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.

Affected configurations

Nvd

Node

typo3typo3Range10.0.0–10.4.33

typo3typo3Range11.0.0–11.5.20

typo3typo3Range12.0.0–12.1.1

VendorProductVersionCPE
typo3typo3*cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	typo3	*	cpe:2.3:a:typo3:typo3::::::::

References

github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

21.4%

JSON

Related for NVD:CVE-2022-23502

veracode1 cve1 osv3 prion1 nessus2 ubuntucve1 friendsofphp2 cvelist1 openvas1 github1 freebsd1