GHSA-q45q-5233-229p

Source

https://github.com/advisories/GHSA-q45q-5233-229p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q45q-5233-229p/GHSA-q45q-5233-229p.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-q45q-5233-229p

Aliases

CVE-2009-0256

Published

2022-05-02T03:13:51Z

Modified

2024-01-23T15:41:35.219309Z

Summary

Authentication library in TYPO3 vulnerable to session fixation

Details

Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.

Database specific

{
    "nvd_published_at": "2009-01-22T23:30:00Z",
    "cwe_ids": [
        "CWE-287",
        "CWE-384"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-23T15:13:25Z"
}

References

Affected packages

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.10

Database specific

{
    "last_known_affected_version_range": "<= 4.0.9"
}

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.8

Database specific

{
    "last_known_affected_version_range": "<= 4.1.7"
}

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2.0

Fixed

4.2.4

Database specific

{
    "last_known_affected_version_range": "<= 4.2.3"
}