Lucene search
Veracode Vulnerability DatabaseVERACODE:36052HistoryJun 20, 2022 - 7:29 a.m.
Session Fixation
2022-06-2007:29:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
typo3
cms
session fixation
EPSS
0.002
Percentile
59.9%
typo3/cms is vulnerable to session fixation. The vulnerability exists because the setAuthorizedAndRedirect function of BackendModuleController.php does not properly revoke tokens after the user account was degraded to lower permissions or disabled completely.
References
github.com/TYPO3/typo3/commit/1b68d0fad1d5473477e432467de28436cc72283c
github.com/TYPO3/typo3/commit/40f1ea7b84f82809c437839c5bfcfea33aad3d75
github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d
github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq
typo3.org/security/advisory/typo3-core-sa-2022-005
Related
friendsofphp
friendsofphp
TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool
2022-06-14 07:11:53
TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool
2022-06-14 07:11:53
cve
cve
CVE-2022-31050
2022-06-14 21:15:16
openvas
openvas
TYPO3 Session Expiration Vulnerability (TYPO3-CORE-SA-2022-005)
2022-06-15 00:00:00
nvd
nvd
CVE-2022-31050
2022-06-14 21:15:16
osv
osv
CVE-2022-31050
2022-06-14 21:15:16
BIT-typo3-2022-31050
2024-03-06 11:09:14
Insufficient Session Expiration in TYPO3's Admin Tool
2022-06-17 20:57:27
github
github
Insufficient Session Expiration in TYPO3's Admin Tool
2022-06-17 20:57:27
prion
prion
Design/Logic Flaw
2022-06-14 21:15:00
cvelist
cvelist
CVE-2022-31050 Insufficient Session Expiration in TYPO3 Admin Tool
2022-06-14 20:55:11