CVE-2022-36106

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-36106
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36106.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-36106
Aliases
Published
2022-09-13T17:35:11Z
Modified
2026-02-24T11:43:16.376595Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Missing check for expiration time of password reset token in TYPO3
Details

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-287"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36106.json"
}
References

Affected packages

Git / github.com/typo3/typo3

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3
Events
Introduced
408adc7ac146134aad8690d40935da5ae42dc2b2
Fixed
1a3a7c13e830700f43bd7425ffb8302a3d4c7056
Database specific 
{
    "versions": [
        {
            "introduced": "10.4.0"
        },
        {
            "fixed": "10.4.32"
        }
    ]
}
Type
GIT
Repo
https://github.com/typo3/typo3
Events
Introduced
6a5e2d4097ef0a0e3ea955af93cf83810d6fa234
Fixed
bb2cf378b62703708a1d3d0ac84809db1831a839
Database specific 
{
    "versions": [
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.5.16"
        }
    ]
}

Affected versions

v10.*
v10.4.0
v10.4.1
v10.4.10
v10.4.11
v10.4.12
v10.4.13
v10.4.14
v10.4.15
v10.4.16
v10.4.17
v10.4.18
v10.4.19
v10.4.2
v10.4.20
v10.4.21
v10.4.22
v10.4.23
v10.4.24
v10.4.25
v10.4.26
v10.4.27
v10.4.28
v10.4.29
v10.4.3
v10.4.30
v10.4.31
v10.4.4
v10.4.5
v10.4.6
v10.4.7
v10.4.8
v10.4.9
v11.*
v11.0.0
v11.1.0
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.5.1
v11.5.10
v11.5.11
v11.5.12
v11.5.13
v11.5.14
v11.5.15
v11.5.2
v11.5.3
v11.5.4
v11.5.5
v11.5.6
v11.5.7
v11.5.8
v11.5.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36106.json"

Git / github.com/typo3/typo3.cms

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3.cms
Events
Introduced
6a5e2d4097ef0a0e3ea955af93cf83810d6fa234
Last affected
54ef8ceea343262012d800b0072b8b1a6aece1d5
Introduced
c91b70e450c52d29ffb08115fffbb7832b15a330
Last affected
bc74379650b09c87a4978220076dcfcb7090b285

Affected versions

v10.*
v10.0.0
v10.1.0
v10.2.0
v10.3.0
v10.4.0
v10.4.1
v10.4.10
v10.4.11
v10.4.12
v10.4.13
v10.4.14
v10.4.15
v10.4.16
v10.4.17
v10.4.18
v10.4.19
v10.4.2
v10.4.20
v10.4.21
v10.4.22
v10.4.23
v10.4.24
v10.4.25
v10.4.26
v10.4.27
v10.4.28
v10.4.29
v10.4.3
v10.4.30
v10.4.31
v10.4.4
v10.4.5
v10.4.6
v10.4.7
v10.4.8
v10.4.9
v11.*
v11.0.0
v11.1.0
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.5.1
v11.5.10
v11.5.11
v11.5.12
v11.5.13
v11.5.14
v11.5.15
v11.5.2
v11.5.3
v11.5.4
v11.5.5
v11.5.6
v11.5.7
v11.5.8
v11.5.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36106.json"