CVE-2022-47406

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-47406

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-47406.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-47406

Aliases

GHSA-53mm-hx32-6475

Published

2022-12-14T21:15:13Z

Modified

2024-09-03T04:21:08.266549Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in the fechangepwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.

References

https://typo3.org/security/advisory/typo3-ext-sa-2022-016

Affected packages

Git / github.com/derhansen/fe_change_pwd

Affected ranges

Type: GIT
Repo: https://github.com/derhansen/fe_change_pwd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

651b043595207b7ccceee4dc32336b4b0869bfe7

Affected versions

1.*

1.0.0

1.0.1

1.1.0

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.3.0

1.4.0

1.4.1

1.5.0

1.5.1

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4