CVE-2022-23502
CVSS V2 None
CVSS V3 None
Description
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.
Overview
- CVE ID
- CVE-2022-23502
- Assigner
- security-advisories@github.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-12-14T08:15:10
- Last Modified Date
- 2022-12-16T17:55:12
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | 1 | OR | 10.0.0 | 10.4.33 |
| cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | 1 | OR | 11.0.0 | 11.5.20 |
| cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | 1 | OR | 12.0.0 | 12.1.1 |
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-23502 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23502 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-12-14 08:15:54 | Added to TrackCVE | |||
| 2022-12-14 14:15:27 | 2022-12-14T08:15:10.590 | 2022-12-14T08:15:10 | CVE Published Date | updated |
| 2022-12-14 14:15:27 | 2022-12-14T14:09:52 | CVE Modified Date | updated | |
| 2022-12-14 14:15:27 | Received | Awaiting Analysis | Vulnerability Status | updated |
| 2022-12-18 04:35:28 | 2022-12-16T17:55:12 | CVE Modified Date | updated | |
| 2022-12-18 04:35:28 | Awaiting Analysis | Analyzed | Vulnerability Status | updated |
| 2022-12-18 04:35:40 | CPE Information | updated |