GHSA-r4r6-j2j3-7pp5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r4r6-j2j3-7pp5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-r4r6-j2j3-7pp5/GHSA-r4r6-j2j3-7pp5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r4r6-j2j3-7pp5
- Aliases
- Published
- 2024-04-09T16:15:06Z
- Modified
- 2024-04-10T18:58:57.392822Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
- Summary
- Contao: Remember-me tokens will not be cleared after a password change
- Details
-
Impact
When a front end member changes their password, the corresponding remember-me tokens are not removed.
Patches
Update to Contao 4.13.40.
Workarounds
Disable "Allow auto login" in the login module.
References
https://contao.org/en/security-advisories/remember-me-tokens-are-not-cleared-after-a-password-change
For more information
If you have any questions or comments about this advisory, open an issue in contao/contao.
- Database specific
{ "nvd_published_at": "2024-04-09T17:16:02Z", "cwe_ids": [ "CWE-384", "CWE-613" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-09T16:15:06Z" }- References
-
- https://github.com/contao/contao/security/advisories/GHSA-r4r6-j2j3-7pp5
- https://nvd.nist.gov/vuln/detail/CVE-2024-30262
- https://github.com/contao/contao/commit/3032baa456f607169ffae82a8920354adb338fe9
- https://contao.org/en/security-advisories/remember-me-tokens-are-not-cleared-after-a-password-change
- https://github.com/contao/contao
Affected packages
Packagist / contao/core-bundle
Package
- Name
- contao/core-bundle
- Purl
- pkg:composer/contao/core-bundle
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.13.40
Affected versions
4.*
4.0.0-beta1
4.0.0-RC1
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.1.0-beta1
4.1.0-RC1
4.1.0
4.1.1
4.1.2
4.1.3
4.2.0-beta1
4.2.0-RC1
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3.0-RC1
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.4.0-beta1
4.4.0-RC1
4.4.0-RC2
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.4.9
4.4.10
4.4.11
4.4.12
4.4.13
4.4.14
4.4.15
4.4.16
4.4.17
4.4.18
4.4.19
4.4.20
4.4.21
4.4.22
4.4.23
4.4.24
4.4.25
4.4.26
4.4.27
4.4.28
4.4.29
4.4.30
4.4.31
4.4.32
4.4.33
4.4.34
4.4.35
4.4.36
4.4.37
4.4.38
4.4.39
4.4.40
4.4.41
4.4.42
4.4.43
4.4.44
4.4.45
4.4.46
4.4.47
4.4.48
4.4.49
4.4.50
4.4.51
4.4.52
4.4.53
4.4.54
4.4.55
4.4.56
4.4.57
4.5.0-beta1
4.5.0-beta2
4.5.0-beta3
4.5.0-RC1
4.5.0-RC2
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.5.8
4.5.9
4.5.10
4.5.11
4.5.12
4.5.13
4.5.14
4.6.0-RC1
4.6.0-RC2
4.6.0-RC3
4.6.0
4.6.1
4.6.2
4.6.3
4.6.4
4.6.5
4.6.6
4.6.7
4.6.8
4.6.9
4.6.10
4.6.11
4.6.12
4.6.13
4.6.14
4.7.0-RC1
4.7.0-RC2
4.7.0-RC3
4.7.0-RC4
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
4.8.0-RC1
4.8.0-RC2
4.8.0
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.8.7
4.8.8
4.9.0-RC1
4.9.0-RC2
4.9.0
4.9.1
4.9.2
4.9.3
4.9.4
4.9.5
4.9.6
4.9.7
4.9.8
4.9.9
4.9.10
4.9.11
4.9.12
4.9.13
4.9.14
4.9.15
4.9.16
4.9.17
4.9.18
4.9.19
4.9.20
4.9.21
4.9.22
4.9.23
4.9.24
4.9.25
4.9.26
4.9.27
4.9.28
4.9.29
4.9.30
4.9.31
4.9.32
4.9.33
4.9.34
4.9.35
4.9.36
4.9.37
4.9.38
4.9.39
4.9.40
4.9.41
4.9.42
4.10.0-RC1
4.10.0-RC2
4.10.0-RC3
4.10.0-RC4
4.10.0
4.10.1
4.10.2
4.10.3
4.10.4
4.10.5
4.10.6
4.10.7
4.11.0-RC1
4.11.0-RC2
4.11.0
4.11.1
4.11.2
4.11.3
4.11.4
4.11.5
4.11.6
4.11.7
4.11.8
4.11.9
4.12.0-RC1
4.12.0-RC2
4.12.0-RC3
4.12.0
4.12.1
4.12.2
4.12.3
4.12.4
4.12.5
4.12.6
4.12.7
4.13.0-RC1
4.13.0-RC2
4.13.0-RC3
4.13.0
4.13.1
4.13.2
4.13.3
4.13.4
4.13.5
4.13.6
4.13.7
4.13.8
4.13.9
4.13.10
4.13.11
4.13.12
4.13.13
4.13.14
4.13.15
4.13.16
4.13.17
4.13.18
4.13.19
4.13.20
4.13.21
4.13.22
4.13.23
4.13.24
4.13.25
4.13.26
4.13.27
4.13.28
4.13.29
4.13.30
4.13.31
4.13.32
4.13.33
4.13.34
4.13.35
4.13.36
4.13.37
4.13.38
4.13.39