GHSA-g9rv-6g56-65h8: Typo3 Security Misconfiguration in User Session Handling

June 5, 2024

When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability.

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-05-07-2.yaml
github.com/TYPO3/typo3
github.com/advisories/GHSA-g9rv-6g56-65h8
typo3.org/security/advisory/typo3-core-sa-2019-011

Detect and mitigate GHSA-g9rv-6g56-65h8 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →