Typo3 Security Misconfiguration in User Session Handling

2024-06-0517:10:38

Google

osv.dev

typo3

security

misconfiguration

user session

handling

password

revoked

backend

frontend

user account

vulnerability

software.

7.2 High

AI Score

Confidence

Low

JSON

When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability.

CPENameOperatorVersion
typo3/cmseq8.7.7
typo3/cmseq8.1.2
typo3/cmseq8.7.9
typo3/cmseq8.7.8
typo3/cmseq8.7.14
typo3/cmseq8.5.1
typo3/cmseq8.6.1
typo3/cmseq9.5.3
typo3/cmseq9.5.5
typo3/cmseq8.0.0

Name	Operator	Version
typo3/cms	eq	8.7.7
typo3/cms	eq	8.1.2
typo3/cms	eq	8.7.9
typo3/cms	eq	8.7.8
typo3/cms	eq	8.7.14
typo3/cms	eq	8.5.1
typo3/cms	eq	8.6.1
typo3/cms	eq	9.5.3
typo3/cms	eq	9.5.5
typo3/cms	eq	8.0.0

Rows per page:

1-10 of 551

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-05-07-2.yaml

github.com/TYPO3/typo3

typo3.org/security/advisory/typo3-core-sa-2019-011

7.2 High

AI Score

Confidence

Low

JSON