Lucene search

GitHub Advisory DatabaseGHSA-9J8H-XRGJ-7GW2

HistoryMay 17, 2022 - 4:42 a.m.

TYPO3 Improper Session Invalidation

2022-05-1704:42:47

CWE-287

GitHub Advisory Database

github.com

typo3

authentication

session

invalidation

remote attackers

unspecified vectors

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

66.3%

JSON

The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.

Affected configurations

Vulners

Node

typo3typo3_cmsRange6.2.0–6.2.3

VendorProductVersionCPE
typo3typo3_cms*cpe:2.3:a:typo3:typo3_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	typo3_cms	*	cpe:2.3:a:typo3:typo3_cms::::::::

References

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001

www.debian.org/security/2014/dsa-2942

www.openwall.com/lists/oss-security/2014/06/03/2

github.com/advisories/GHSA-9j8h-xrgj-7gw2

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3944.yaml

nvd.nist.gov/vuln/detail/CVE-2014-3944

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

66.3%

JSON

Related for GHSA-9J8H-XRGJ-7GW2