An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.
References
Link | Resource |
---|---|
https://typo3.org/security/advisory/typo3-ext-sa-2022-016 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
19 Dec 2022, 15:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-613 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Change Password For Frontend Users Project change Password For Frontend Users
Change Password For Frontend Users Project |
|
CPE | cpe:2.3:a:change_password_for_frontend_users_project:change_password_for_frontend_users:*:*:*:*:*:typo3:*:* | |
References | (MISC) https://typo3.org/security/advisory/typo3-ext-sa-2022-016 - Patch, Vendor Advisory |
14 Dec 2022, 21:43
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-14 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-47406
Mitre link : CVE-2022-47406
CVE.ORG link : CVE-2022-47406
JSON object : View
Products Affected
change_password_for_frontend_users_project
- change_password_for_frontend_users
CWE
CWE-613
Insufficient Session Expiration