TYPO3 Session Expiration Vulnerability (TYPO3-CORE-SA-2022-005)

TYPO3 insufficient session expiration vulnerability in the admin tool. Update to version 9.5.35 ELTS, 10.4.29, 11.5.11 or later.

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

# CPE of the product this VT checks; the detection VT named in the
# description block stores its result under this CPE.
CPE = "cpe:/a:typo3:typo3";

if (description)
{
  # Plugin identity and revision bookkeeping.
  script_oid("1.3.6.1.4.1.25623.1.0.148273");
  script_version("2023-04-05T10:19:45+0000");
  script_name("TYPO3 Session Expiration Vulnerability (TYPO3-CORE-SA-2022-005)");
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Web application abuses");
  script_category(ACT_GATHER_INFO);
  script_tag(name:"creation_date", value:"2022-06-15 04:35:02 +0000 (Wed, 15 Jun 2022)");
  script_tag(name:"last_modification", value:"2023-04-05 10:19:45 +0000 (Wed, 05 Apr 2023)");

  # Severity: CVSSv2 base score/vector plus the CVSSv3.1 vector taken from NVD.
  script_cve_id("CVE-2022-31050");
  script_tag(name:"cvss_base", value:"6.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-06-23 13:24:00 +0000 (Thu, 23 Jun 2022)");

  # Detection quality: the check is purely version based (remote banner), so a
  # hit means "reported version is in an affected range", not a confirmed exploit.
  script_tag(name:"qod_type", value:"remote_banner");
  script_tag(name:"solution_type", value:"VendorFix");

  # Only run once the TYPO3 detection VT has recorded an instance.
  script_dependencies("gb_typo3_http_detect.nasl");
  script_mandatory_keys("typo3/detected");

  # Report text shown to the user.
  script_tag(name:"summary", value:"TYPO3 is prone to an insufficient session expiration
  vulnerability in the admin tool.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Admin Tool sessions initiated via the TYPO3 backend user
  interface have not been revoked even if the corresponding user account was degraded to lower
  permissions or disabled completely. This way, sessions in the admin tool theoretically could have
  been prolonged without any limit.");

  script_tag(name:"affected", value:"TYPO3 version 9.0.0 through 9.5.34 ELTS, 10.0.0 through
  10.4.28 and 11.0.0 through 11.5.10.");

  script_tag(name:"solution", value:"Update to version 9.5.35 ELTS, 10.4.29, 11.5.11 or later.");

  script_xref(name:"URL", value:"https://typo3.org/security/advisory/typo3-core-sa-2022-005");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

# Port the TYPO3 instance was detected on; without one there is nothing to test.
port = get_app_port(cpe: CPE);
if (!port)
  exit(0);

# Detected version and install path. The regex insists on a three-component
# version because the fixed releases differ only at patch level; a shorter
# detected version would not be precise enough to judge the ranges below.
# exit_no_version: TRUE presumably lets the helper exit itself when no version
# is known; the explicit check below covers any other empty result.
infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE, version_regex: "[0-9]+\.[0-9]+\.[0-9]+");
if (!infos)
  exit(0);

version = infos["version"];
location = infos["location"];

# Affected branches from the advisory: each lower bound is paired (by index)
# with the release that fixes it, and the fixed release itself is excluded.
lower_bounds = make_list("9.0", "10.0", "11.0");
fixed_versions = make_list("9.5.35", "10.4.29", "11.5.11");

for (i = 0; i < max_index(lower_bounds); i++) {
  if (version_in_range_exclusive(version: version, test_version_lo: lower_bounds[i], test_version_up: fixed_versions[i])) {
    report = report_fixed_ver(installed_version: version, fixed_version: fixed_versions[i], install_path: location);
    security_message(port: port, data: report);
    exit(0);
  }
}

# No affected branch matched; 99 is the feed's conventional "not vulnerable" exit code.
exit(99);
