CVE-2024-30262

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-30262

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-30262.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-30262

Aliases

GHSA-r4r6-j2j3-7pp5

Published

2024-04-09T17:16:02Z

Modified

2024-10-08T04:09:34.736148Z

Summary

[none]

Details

Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me token, changing the password would not be enough to reclaim control over the account. Version 4.13.40 contains a fix for the issue. As a workaround, disable "Allow auto login" in the login module.

References

Affected packages

Git / github.com/contao/contao

Affected ranges

Type: GIT
Repo: https://github.com/contao/contao
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3032baa456f607169ffae82a8920354adb338fe9

Affected versions

4.*

4.10.0

4.10.0-RC1

4.10.0-RC2

4.10.0-RC3

4.10.0-RC4

4.10.1

4.10.2

4.10.3

4.10.4

4.10.5

4.10.6

4.10.7

4.11.0

4.11.0-RC1

4.11.0-RC2

4.11.1

4.11.2

4.11.3

4.11.4

4.11.5

4.11.6

4.11.7

4.11.8

4.11.9

4.12.0

4.12.0-RC1

4.12.0-RC2

4.12.0-RC3

4.12.1

4.12.2

4.12.3

4.12.4

4.12.5

4.12.6

4.12.7

4.13.0

4.13.0-RC1

4.13.0-RC2

4.13.0-RC3

4.13.1

4.13.10

4.13.11

4.13.12

4.13.13

4.13.14

4.13.15

4.13.16

4.13.17

4.13.18

4.13.19

4.13.2

4.13.20

4.13.21

4.13.22

4.13.23

4.13.24

4.13.25

4.13.26

4.13.27

4.13.28

4.13.29

4.13.3

4.13.30

4.13.31

4.13.32

4.13.33

4.13.34

4.13.35

4.13.36

4.13.37

4.13.38

4.13.39

4.13.4

4.13.5

4.13.6

4.13.7

4.13.8

4.13.9

4.4.22

4.4.23

4.4.24

4.4.25

4.4.26

4.4.27

4.4.28

4.4.29

4.4.30

4.4.31

4.4.32

4.4.33

4.4.34

4.4.35

4.4.36

4.4.37

4.4.38

4.4.39

4.4.40

4.4.41

4.4.42

4.4.43

4.4.44

4.4.45

4.4.46

4.4.47

4.4.48

4.4.49

4.4.50

4.4.51

4.4.52

4.4.53

4.4.54

4.4.55

4.5.13

4.5.14

4.6.0

4.6.1

4.6.10

4.6.11

4.6.12

4.6.13

4.6.14

4.6.2

4.6.3

4.6.4

4.6.5

4.6.6

4.6.7

4.6.8

4.6.9

4.7.0

4.7.0-RC1

4.7.0-RC2

4.7.0-RC3

4.7.0-RC4

4.7.1

4.7.2

4.7.3

4.7.4

4.7.5

4.7.6

4.7.7

4.8.0

4.8.0-RC1

4.8.0-RC2

4.8.1

4.8.2

4.8.3

4.8.4

4.8.5

4.8.6

4.8.7

4.8.8

4.9.0

4.9.0-RC1

4.9.0-RC2

4.9.1

4.9.10

4.9.11

4.9.12

4.9.13

4.9.14

4.9.15

4.9.16

4.9.17

4.9.18

4.9.19

4.9.2

4.9.20

4.9.21

4.9.22

4.9.23

4.9.24

4.9.25

4.9.26

4.9.27

4.9.28

4.9.29

4.9.3

4.9.30

4.9.31

4.9.32

4.9.33

4.9.34

4.9.35

4.9.36

4.9.37

4.9.38

4.9.39

4.9.4

4.9.40

4.9.41

4.9.5

4.9.6

4.9.7

4.9.8

4.9.9