GHSA-xmgr-jff3-fcfv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xmgr-jff3-fcfv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-xmgr-jff3-fcfv/GHSA-xmgr-jff3-fcfv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-xmgr-jff3-fcfv
- Published
- 2024-05-30T16:17:54Z
- Modified
- 2024-12-05T05:56:52.992385Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- TYPO3 Security Misconfiguration in User Session Handling
- Details
-
When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-384" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-05-30T16:17:54Z" }- References
-
- https://github.com/TYPO3-CMS/core/commit/437bf78c0ef64a059c7feaa5164f6f028507b425
- https://github.com/TYPO3-CMS/core/commit/e21f0e5d29b68a7e64448762b3f86ac24d36627f
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-05-07-2.yaml
- https://github.com/TYPO3-CMS/core
- https://typo3.org/security/advisory/typo3-core-sa-2019-011
Affected packages
Packagist / typo3/cms-core
Package
- Name
- typo3/cms-core
- Purl
- pkg:composer/typo3/cms-core
Packagist / typo3/cms-core
Package
- Name
- typo3/cms-core
- Purl
- pkg:composer/typo3/cms-core