CVE-2022-47406

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-47406
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-47406.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-47406
Aliases
Published
2022-12-14T21:15:13Z
Modified
2024-10-12T10:19:57.853495Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in the fechangepwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.

References

Affected packages

Git / github.com/derhansen/fe_change_pwd

Affected ranges

Type
GIT
Repo
https://github.com/derhansen/fe_change_pwd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0.0
1.0.1
1.1.0
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.3.0
1.4.0
1.4.1
1.5.0
1.5.1

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4