GHSA-xmgr-jff3-fcfv: TYPO3 Security Misconfiguration in User Session Handling
When users change their password, existing sessions for that user account are not revoked. A valid backend or frontend user account is required to exploit this vulnerability.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-05-07-2.yaml
- github.com/TYPO3-CMS/core
- github.com/TYPO3-CMS/core/commit/437bf78c0ef64a059c7feaa5164f6f028507b425
- github.com/TYPO3-CMS/core/commit/e21f0e5d29b68a7e64448762b3f86ac24d36627f
- github.com/advisories/GHSA-xmgr-jff3-fcfv
- typo3.org/security/advisory/typo3-core-sa-2019-011