TYPO3 insufficient session expiration vulnerability in admin tool. Update to version 9.5.35 ELTS, 10.4.29, 11.5.11 or later
Reporter | Title | Published | Views | Family All 11 |
---|---|---|---|---|
CVE | CVE-2022-31050 | 14 Jun 2022 21:15 | – | cve |
Friends Of PHP | TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool | 14 Jun 2022 07:11 | – | friendsofphp |
Friends Of PHP | TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool | 14 Jun 2022 07:11 | – | friendsofphp |
NVD | CVE-2022-31050 | 14 Jun 2022 21:15 | – | nvd |
OSV | CVE-2022-31050 | 14 Jun 2022 21:15 | – | osv |
OSV | BIT-typo3-2022-31050 | 6 Mar 2024 11:09 | – | osv |
OSV | Insufficient Session Expiration in TYPO3's Admin Tool | 17 Jun 2022 20:57 | – | osv |
Github Security Blog | Insufficient Session Expiration in TYPO3's Admin Tool | 17 Jun 2022 20:57 | – | github |
Cvelist | CVE-2022-31050 Insufficient Session Expiration in TYPO3 Admin Tool | 14 Jun 2022 20:55 | – | cvelist |
Prion | Design/Logic Flaw | 14 Jun 2022 21:15 | – | prion |
Source | Link |
---|---|
typo3 | www.typo3.org/security/advisory/typo3-core-sa-2022-005 |
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
# CPE under which gb_typo3_http_detect.nasl registers the detected TYPO3 instance.
CPE = "cpe:/a:typo3:typo3";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.148273");
  script_version("2023-04-05T10:19:45+0000");
  script_tag(name:"last_modification", value:"2023-04-05 10:19:45 +0000 (Wed, 05 Apr 2023)");
  script_tag(name:"creation_date", value:"2022-06-15 04:35:02 +0000 (Wed, 15 Jun 2022)");
  script_tag(name:"cvss_base", value:"6.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-06-23 13:24:00 +0000 (Thu, 23 Jun 2022)");
  script_cve_id("CVE-2022-31050");
  # Detection is version-based only (remote_banner): no authentication and no exploitation attempt.
  script_tag(name:"qod_type", value:"remote_banner");
  script_tag(name:"solution_type", value:"VendorFix");
  script_name("TYPO3 Session Expiration Vulnerability (TYPO3-CORE-SA-2022-005)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_typo3_http_detect.nasl");
  script_mandatory_keys("typo3/detected");

  script_tag(name:"summary", value:"TYPO3 is prone to an insufficient session expiration
vulnerability in the admin tool.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Admin Tool sessions initiated via the TYPO3 backend user
interface have not been revoked even if the corresponding user account was degraded to lower
permissions or disabled completely. This way, sessions in the admin tool theoretically could have
been prolonged without any limit.");

  script_tag(name:"affected", value:"TYPO3 version 9.0.0 through 9.5.34 ELTS, 10.0.0 through
10.4.28 and 11.0.0 through 11.5.10.");

  script_tag(name:"solution", value:"Update to version 9.5.35 ELTS, 10.4.29, 11.5.11 or later.");

  script_xref(name:"URL", value:"https://typo3.org/security/advisory/typo3-core-sa-2022-005");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

# Without a port from the detection script there is nothing to evaluate.
if (!port = get_app_port(cpe: CPE))
  exit(0);

# NOTE(review): exit_no_version: TRUE presumably ends the script inside the helper when no
# version matching the three-component regex was recorded — confirm in host_details.inc.
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE, version_regex: "[0-9]+\.[0-9]+\.[0-9]+")) # nb: Version might not be exact enough
  exit(0);

version = infos["version"];
location = infos["location"];

# One entry per affected release branch: exclusive lower bound and first fixed release.
# The branches are disjoint, so at most one entry can match and the iteration order is irrelevant.
# NOTE(review): whether "9.0.0" itself counts as greater than the exclusive bound "9.0" depends
# on the comparison in version_func.inc — confirm if the advisory's 9.0.0 lower edge matters.
branch_lo = make_list("9.0", "10.0", "11.0");
branch_fixed = make_list("9.5.35", "10.4.29", "11.5.11");

for (i = 0; i < max_index(branch_lo); i++) {
  if (!version_in_range_exclusive(version: version, test_version_lo: branch_lo[i], test_version_up: branch_fixed[i]))
    continue;

  report = report_fixed_ver(installed_version: version, fixed_version: branch_fixed[i], install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

# 99: the installed version lies outside every affected range (Greenbone "not vulnerable" exit code).
exit(99);