GHSA-53mm-hx32-6475
Suggest an improvement- Source
- https://github.com/advisories/GHSA-53mm-hx32-6475
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-53mm-hx32-6475/GHSA-53mm-hx32-6475.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-53mm-hx32-6475
- Aliases
- Published
- 2022-12-14T21:30:16Z
- Modified
- 2023-11-08T04:11:00.109197Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- TYPO3 vulnerable to Insufficient Session Expiration
- Details
-
An issue was discovered in the fechangepwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.
- Database specific
{ "nvd_published_at": "2022-12-14T21:15:00Z", "github_reviewed_at": "2022-12-19T21:10:07Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-613" ] }- References
Affected packages
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Packagist / typo3/cms
Package
- Name
- typo3/cms
- Purl
- pkg:composer/typo3/cms
Packagist / derhansen/fe_change_pwd
Package
- Name
- derhansen/fe_change_pwd
- Purl
- pkg:composer/derhansen/fe_change_pwd
Packagist / derhansen/fe_change_pwd
Package
- Name
- derhansen/fe_change_pwd
- Purl
- pkg:composer/derhansen/fe_change_pwd