First published: Tue Dec 13 2022
TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/typo3/cms-core | >=10.0.0 <10.4.33, >=11.0.0 <11.5.20, >=12.0.0 <12.1.1 | |
composer/typo3/cms | >=10.0.0 <10.4.33, >=11.0.0 <11.5.20, >=12.0.0 <12.1.1 | |
Typo3 Typo3 | >=10.0.0 <10.4.33 | |
Typo3 Typo3 | >=11.0.0 <11.5.20 | |
Typo3 Typo3 | >=12.0.0 <12.1.1 | |
TYPO3-CORE-SA-2022-014 is a vulnerability in the TYPO3 CMS that allows existing sessions to remain active after a password reset.
TYPO3-CORE-SA-2022-014 affects TYPO3 versions 10.0.0 up to but not including 10.4.33, 11.0.0 up to but not including 11.5.20, and 12.0.0 up to but not including 12.1.1.
TYPO3-CORE-SA-2022-014 has a severity rating of 5.4 (Medium).
To fix TYPO3-CORE-SA-2022-014, update TYPO3 CMS to version 10.4.33, 11.5.20, or 12.1.1, matching the release line you run.
You can find more information about TYPO3-CORE-SA-2022-014 in the TYPO3 security advisory TYPO3-CORE-SA-2022-014 and the GitHub security advisory GHSA-mgj2-q8wp-29rr.