Lucene search
GoogleOSV:GHSA-XMGR-JFF3-FCFVHistoryMay 30, 2024 - 4:17 p.m.
TYPO3 Security Misconfiguration in User Session Handling
2024-05-3016:17:54
Google
osv.dev
1
typo3
security misconfiguration
user session handling
password change
user account
revoked sessions
backend
frontend user
7.2 High
AI Score
Confidence
Low
When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability.
References
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-05-07-2.yaml
github.com/TYPO3-CMS/core
github.com/TYPO3-CMS/core/commit/437bf78c0ef64a059c7feaa5164f6f028507b425
github.com/TYPO3-CMS/core/commit/e21f0e5d29b68a7e64448762b3f86ac24d36627f
typo3.org/security/advisory/typo3-core-sa-2019-011
7.2 High
AI Score
Confidence
Low