CVE-2022-47406

EUVD-2022-7512
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
mitreCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
change_password_for_frontend_users_projectchange_password_for_frontend_users
𝑥
< 2.0.5
change_password_for_frontend_users_projectchange_password_for_frontend_users
3.0.0 ≤
𝑥
< 3.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://typo3.org/security/advisory/typo3-ext-sa-2022-016
https://typo3.org/security/advisory/typo3-ext-sa-2022-016