Veracode Vulnerability Database, VERACODE:38490
Dec 15, 2022 - 5:35 a.m.

Insufficient Session Expiration

2022-12-15 05:35:10
sca.analysiscenter.veracode.com
insufficient session management
authentication bypass
password recovery

EPSS: 0.001 (percentile: 21.4%)

typo3/cms and typo3/cms-core are vulnerable to insecure session management. An attacker is able to bypass authentication when a user resets their password using the corresponding password recovery functionality, as existing sessions for that particular user account are not revoked.
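
The flaw described above, shown on a minimal in-memory session store as an added example (not TYPO3 code and not part of the original advisory). The class, method and account names are hypothetical, and passwords are held in plaintext only to keep the demonstration short.

```python
import secrets

class SessionStore:
    """Hypothetical in-memory session table; a stand-in, not TYPO3 code."""
    def __init__(self):
        self.passwords = {}  # user -> password (plaintext only for brevity)
        self.sessions = {}   # session token -> user

    def login(self, user, password):
        stored = self.passwords.get(user)
        if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def is_authenticated(self, token):
        return token in self.sessions

    def revoke_all(self, user):
        """Drop every session bound to this account; returns how many were removed."""
        stale = [t for t, u in self.sessions.items() if u == user]
        for t in stale:
            del self.sessions[t]
        return len(stale)

    def reset_password_vulnerable(self, user, new_password):
        # Only the credential changes; tokens issued earlier keep working.
        self.passwords[user] = new_password

    def reset_password_fixed(self, user, new_password):
        # Change the credential and invalidate all sessions for the account.
        self.passwords[user] = new_password
        return self.revoke_all(user)

def run_scenario(fixed):
    """Constructed scenario: a session exists before the account owner resets the password."""
    store = SessionStore()
    store.passwords.update({"alice": "old-pw", "bob": "bob-pw"})
    old_token = store.login("alice", "old-pw")   # session opened before the reset
    bob_token = store.login("bob", "bob-pw")     # unrelated account
    reset = store.reset_password_fixed if fixed else store.reset_password_vulnerable
    reset("alice", "new-pw")
    return {
        "old_session_valid": store.is_authenticated(old_token),
        "other_user_valid": store.is_authenticated(bob_token),
        "old_password_works": store.login("alice", "old-pw") is not None,
    }

if __name__ == "__main__":
    print("vulnerable:", run_scenario(fixed=False))
    print("fixed:     ", run_scenario(fixed=True))
```

A regression test for this class of bug asserts that a token issued before the reset is rejected afterwards, while sessions of other accounts stay valid.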