CVE-2009-0256 – typo3/cms
Package
Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.0.0 <4.0.10 || >=4.1.0 <4.1.8 || >=4.2.0 <4.2.4
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00911 (percentile 0.74949)
Details
Authentication library in TYPO3 vulnerable to session fixation

Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
Metadata
Created: 2022-05-02T03:13:51Z
Modified: 2024-01-23T15:13:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q45q-5233-229p/GHSA-q45q-5233-229p.json
CWE IDs: ["CWE-287", "CWE-384"]
Alternative ID: GHSA-q45q-5233-229p
Finding: F280
Auto approve: 1