← voltar
CVE-2022-23502

TYPO3 contains Insufficient Session Expiration after Password Reset

CVSS 5.4 MEDIUMEPSS 0.4%CWE-613
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.4EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 dez 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Produtos afetados
TYPO3 · typo3

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr