First published: Tue Jun 14 2022(Updated: )
TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/typo3/cms | >=10.0.0<10.4.29>=11.0.0<11.5.11 | |
composer/typo3/cms-core | >=10.0.0<10.4.29>=11.0.0<11.5.11 | |
Typo3 Typo3 | >=9.0.0<9.5.35 | |
Typo3 Typo3 | >=10.0.0<10.4.29 | |
Typo3 Typo3 | >=11.0.0<11.5.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
TYPO3-CORE-SA-2022-005 is a vulnerability in the TYPO3 web content management system that allows Admin Tool sessions to remain active even if the user's account permissions or access are reduced or disabled.
Versions 10.0.0 to 10.4.29 and Versions 11.0.0 to 11.5.11 of TYPO3 are affected by TYPO3-CORE-SA-2022-005.
The severity of TYPO3-CORE-SA-2022-005 is rated as high with a severity score of 7.2.
To fix TYPO3-CORE-SA-2022-005, you should update your TYPO3 installation to version 9.5.34 ELTS, 10.4.29, or 11.5.11 which have addressed the vulnerability.
You can find more information about TYPO3-CORE-SA-2022-005 at the TYPO3 official website advisory page: https://typo3.org/security/advisory/typo3-core-sa-2022-005, and the GitHub commit and advisory pages: https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d, https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq.