CVE-2014-3944 – typo3/cms
Package
Manager: composer
Name: typo3/cms
Vulnerable Version: >=6.2.0 <6.2.3
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00186 (percentile: 0.40683)
Details
TYPO3 Improper Session Invalidation

The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
Metadata
Created: 2022-05-17T04:42:47Z
Modified: 2024-04-25T21:29:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9j8h-xrgj-7gw2/GHSA-9j8h-xrgj-7gw2.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-9j8h-xrgj-7gw2
Finding: F039
Auto approve: 1