PT-2022-16035 · Typo3 · Typo3

Torben Hansen · Published 2022-12-13 · Updated 2024-03-06

CVE-2022-23502

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

TYPO3 versions prior to 10.4.33
TYPO3 versions prior to 11.5.20
TYPO3 versions prior to 12.1.1

Description

The issue concerns the password recovery functionality in TYPO3, an open source PHP based web content management system. When users reset their password, existing sessions for that particular user account were not revoked, affecting both frontend and backend user sessions.

Recommendations

Update to version 10.4.33 to resolve the issue.
Update to version 11.5.20 to resolve the issue.
Update to version 12.1.1 to resolve the issue.
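The session-revocation behaviour the description refers to, shown as an added example in plain PHP that is not TYPO3's own code: a constructed in-memory session store with the vulnerable reset (password hash rotated, sessions left alive) beside the hardened reset (hash rotated, then every session for that account dropped). The class and method names, the user id and the passwords are assumptions made for illustration.

```php
<?php
// Added example, not TYPO3 code. All classes, names and data below are
// constructed to illustrate why a password reset must revoke existing sessions.

declare(strict_types=1);

final class SessionStore
{
    /** @var array<string, array{userId:int, createdAt:int}> session id => record */
    private array $sessions = [];

    // Issue a fresh, random session id bound to the given user.
    public function create(int $userId): string
    {
        $id = bin2hex(random_bytes(16));
        $this->sessions[$id] = ['userId' => $userId, 'createdAt' => time()];
        return $id;
    }

    // A session authenticates only if it exists and belongs to this user.
    public function isValid(string $sessionId, int $userId): bool
    {
        return isset($this->sessions[$sessionId])
            && $this->sessions[$sessionId]['userId'] === $userId;
    }

    // Drop every session of one account; returns how many were removed.
    public function revokeAllForUser(int $userId): int
    {
        $before = count($this->sessions);
        $this->sessions = array_filter(
            $this->sessions,
            static fn(array $s): bool => $s['userId'] !== $userId
        );
        return $before - count($this->sessions);
    }
}

final class PasswordReset
{
    /** @var array<int, string> user id => password hash (constructed sample data) */
    private array $hashes = [];

    public function __construct(private SessionStore $sessions) {}

    public function setPassword(int $userId, string $password): void
    {
        $this->hashes[$userId] = password_hash($password, PASSWORD_DEFAULT);
    }

    // Vulnerable pattern: only the hash changes; sessions opened before the
    // reset keep working, so whoever holds one is not locked out.
    public function resetWithoutRevocation(int $userId, string $newPassword): void
    {
        $this->setPassword($userId, $newPassword);
    }

    // Hardened pattern: rotate the hash, then revoke every session of the
    // account. A session for the user performing the reset, if wanted,
    // should be created anew after this call.
    public function resetWithRevocation(int $userId, string $newPassword): int
    {
        $this->setPassword($userId, $newPassword);
        return $this->sessions->revokeAllForUser($userId);
    }
}

// Walk-through with constructed data.
$store  = new SessionStore();
$reset  = new PasswordReset($store);
$userId = 42;                        // hypothetical account
$reset->setPassword($userId, 'old-password');

$staleSession = $store->create($userId); // session established before any reset

$reset->resetWithoutRevocation($userId, 'new-password');
// The stale session still authenticates after the vulnerable reset.
var_dump($store->isValid($staleSession, $userId));

$revoked = $reset->resetWithRevocation($userId, 'another-password');
// One session was revoked and the stale session no longer authenticates.
var_dump($revoked, $store->isValid($staleSession, $userId));
```

Run it with `php example.php`. In a deployment the revocation step has to cover every session backend the account can log in through; as the advisory notes, both frontend and backend user sessions were affected, so a fix that only clears one of the two session tables would leave the weakness in place for the other.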

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

BIT-TYPO3-2022-23502
CVE-2022-23502
GHSA-MGJ2-Q8WP-29RR

Affected Products

Typo3