7.2 High
AI Score
Confidence
Low
When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability.
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-05-07-2.yaml
github.com/TYPO3/typo3
typo3.org/security/advisory/typo3-core-sa-2019-011