PT-2022-20488 · Typo3 · Typo3

Kien Hoang · Published 2022-06-14 · Updated 2024-03-06

CVE-2022-31050

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

TYPO3 versions prior to 9.5.34 ELTS
TYPO3 versions prior to 10.4.29
TYPO3 versions prior to 11.5.11

Description

The issue concerns Admin Tool sessions in the TYPO3 backend user interface that were not revoked even if the corresponding user account was degraded to lower permissions or disabled completely, potentially allowing sessions to be prolonged without limit.

Recommendations

Update to TYPO3 version 9.5.34 ELTS or later
Update to TYPO3 version 10.4.29 or later
Update to TYPO3 version 11.5.11 or later
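The following is an added example, not TYPO3 code, illustrating the failure mode the description names and the fix it implies: a privileged session whose validity is checked only at login (and refreshed on every use) outlives a demotion or account disablement, while a store that re-reads the account state on each request revokes it immediately. All class and function names here are hypothetical.

```python
# Added example (not TYPO3 code): a session store whose validity check is tied
# to the user's *current* state, beside the weak variant that only checks what
# was true at login. All names are hypothetical; scenario data is constructed.
from dataclasses import dataclass


@dataclass
class User:
    name: str
    is_admin: bool
    disabled: bool = False


@dataclass
class AdminSession:
    user: str
    expires_at: float


class WeakSessionStore:
    """Weak variant: privileges are checked once, when the session is opened.
    Each use extends the expiry, so demoting or disabling the account never
    ends the session (the behaviour the advisory describes)."""

    def __init__(self, ttl_seconds: float = 900.0):
        self.ttl = ttl_seconds
        self.sessions = {}  # session id -> AdminSession

    def open(self, user: User, now: float, session_id: str) -> bool:
        if user.disabled or not user.is_admin:
            return False
        self.sessions[session_id] = AdminSession(user.name, now + self.ttl)
        return True

    def is_valid(self, session_id: str, users: dict, now: float) -> bool:
        session = self.sessions.get(session_id)
        if session is None or now > session.expires_at:
            self.sessions.pop(session_id, None)
            return False
        session.expires_at = now + self.ttl  # activity keeps the session alive
        return True


class HardenedSessionStore(WeakSessionStore):
    """Hardened variant: every request re-reads the account and revokes the
    session as soon as the user is disabled or is no longer an administrator."""

    def is_valid(self, session_id: str, users: dict, now: float) -> bool:
        session = self.sessions.get(session_id)
        if session is None:
            return False
        user = users.get(session.user)
        if user is None or user.disabled or not user.is_admin:
            self.sessions.pop(session_id, None)  # revoke, not merely deny
            return False
        return super().is_valid(session_id, users, now)


def demo() -> tuple:
    """Constructed scenario: an admin opens a session, is then demoted, and
    keeps using the session. Returns (weak still valid, hardened still valid,
    hardened session removed from the store)."""
    users = {"alice": User("alice", is_admin=True)}
    weak, hard = WeakSessionStore(), HardenedSessionStore()
    weak.open(users["alice"], 0.0, "w1")
    hard.open(users["alice"], 0.0, "h1")
    users["alice"].is_admin = False  # permissions degraded after login
    weak_still_valid = weak.is_valid("w1", users, 100.0)
    hard_still_valid = hard.is_valid("h1", users, 100.0)
    hard_revoked = "h1" not in hard.sessions
    return weak_still_valid, hard_still_valid, hard_revoked


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The design point is that the check belongs on every request, not only at login: the session record should carry a reference to the account, and the account's current `is_admin` and `disabled` flags decide validity. The revocation also deletes the record rather than just returning false, so a later request cannot find a stale entry.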

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

BIT-TYPO3-2022-31050
CVE-2022-31050
GHSA-WWJW-R3GJ-39FQ

Affected Products

Typo3