Vulnerabilities > CVE-2022-23502 - Insufficient Session Expiration vulnerability in Typo3

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

typo3

CWE-613

NVD

Published: 2022-12-14

Updated: 2022-12-16

Summary

TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.

Vulnerable Configurations

Part	Description	Count
Application	Typo3 Typo3 Typo3 11.0.0 Typo3 Typo3 11.0.2 Typo3 Typo3 11.0.3 Typo3 Typo3 11.1.0 Typo3 Typo3 11.1.1 Typo3 Typo3 11.2.0 Typo3 Typo3 11.3.0 Typo3 Typo3 11.3.1 Typo3 Typo3 11.3.2 Typo3 Typo3 11.3.3 Typo3 Typo3 11.4.0 Typo3 Typo3 11.5.0 Typo3 Typo3 11.5.1 Typo3 Typo3 11.5.2 Typo3 Typo3 11.5.3 Typo3 Typo3 11.5.4 Typo3 Typo3 11.5.5 Typo3 Typo3 11.5.6 Typo3 Typo3 11.5.7 Typo3 Typo3 11.5.8 Typo3 Typo3 11.5.9 Typo3 Typo3 11.5.10 Typo3 Typo3 11.5.11 Typo3 Typo3 11.5.12 Typo3 Typo3 11.5.13 Typo3 Typo3 11.5.14 Typo3 Typo3 11.5.15 Typo3 Typo3 11.5.16 Typo3 Typo3 11.5.17 Typo3 Typo3 11.5.18 Typo3 Typo3 11.5.19 Typo3 Typo3 10.0.0 Typo3 Typo3 10.0.9 Typo3 Typo3 10.0.10 Typo3 Typo3 10.1.0 Typo3 Typo3 10.2.0 Typo3 Typo3 10.2.1 Typo3 Typo3 10.2.2 Typo3 Typo3 10.3.0 Typo3 Typo3 10.4.0 Typo3 Typo3 10.4.1 Typo3 Typo3 10.4.2 Typo3 Typo3 10.4.3 Typo3 Typo3 10.4.4 Typo3 Typo3 10.4.5 Typo3 Typo3 10.4.6 Typo3 Typo3 10.4.7 Typo3 Typo3 10.4.8 Typo3 Typo3 10.4.9 Typo3 Typo3 10.4.10 Typo3 Typo3 10.4.11 Typo3 Typo3 10.4.12 Typo3 Typo3 10.4.13 Typo3 Typo3 10.4.14 Typo3 Typo3 10.4.15 Typo3 Typo3 10.4.16 Typo3 Typo3 10.4.17 Typo3 Typo3 10.4.18 Typo3 Typo3 10.4.19 Typo3 Typo3 10.4.20 Typo3 Typo3 10.4.21 Typo3 Typo3 10.4.22 Typo3 Typo3 10.4.23 Typo3 Typo3 10.4.24 Typo3 Typo3 10.4.25 Typo3 Typo3 10.4.26 Typo3 Typo3 10.4.27 Typo3 Typo3 10.4.28 Typo3 Typo3 10.4.29 Typo3 Typo3 10.4.30 Typo3 Typo3 10.4.31 Typo3 Typo3 10.4.32 Typo3 Typo3 12.0.0 Typo3 Typo3 12.1.0	77

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr