CVE-2022-47406 - OpenCVE

An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Change Password For Frontend Users Project	Change Password For Frontend Users

Configuration 1 [-]

OR	cpe:2.3:a:change_password_for_frontend_users_project:change_password_for_frontend_users::::::typo3::*
	cpe:2.3:a:change_password_for_frontend_users_project:change_password_for_frontend_users::::::typo3::*

No data.

References

Link	Providers
https://typo3.org/security/advisory/typo3-ext-sa-2022-016

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-14T00:00:00

Updated: 2024-08-03T14:55:07.663Z

Reserved: 2022-12-14T00:00:00

Link: CVE-2022-47406

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-12-14T21:15:13.710

Modified: 2022-12-19T15:35:15.687

Link: CVE-2022-47406

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:change_password_for_frontend_users_project:change_password_for_frontend_users:*:*:*:*:*:typo3:*:*", "matchCriteriaId": "CB4F5423-BD60-4278-9683-B2DD65D0FFD0", "versionEndExcluding": "2.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:change_password_for_frontend_users_project:change_password_for_frontend_users:*:*:*:*:*:typo3:*:*", "matchCriteriaId": "8E88FB0D-B71C-44FD-9829-322006A6FB2E", "versionEndExcluding": "3.0.3", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en la extensi\u00f3n fe_change_pwd (tambi\u00e9n conocida como Cambiar contrase\u00f1a para usuarios frontend) antes de 2.0.5 y 3.x antes de 3.0.3, para TYPO3. La extensi\u00f3n no puede revocar las sesiones existentes para el usuario actual cuando se cambia la contrase\u00f1a."}], "id": "CVE-2022-47406", "lastModified": "2022-12-19T15:35:15.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2022-12-14T21:15:13.710", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-016"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}]}