Improper access control in TYPO3 - CVE-2022-31050


Published: June 14, 2022


Vulnerability identifier: #VU64271
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-31050
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
TYPO3
Software vendor:
TYPO3

Description

The vulnerability allows a remote user to retain unauthorized access to otherwise restricted functionality.

The vulnerability exists because Admin Tool sessions started from the TYPO3 backend user interface are not terminated when the corresponding backend user account is demoted to lower permissions or disabled completely. A remote user who already holds such a session can keep extending it without limit, and so continues to reach the Admin Tool after the account that created the session no longer qualifies for it.
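The flaw is a session-lifetime problem: the account is checked once when the Admin Tool session is created, and later keep-alives never look at the account again. The following is an added illustration, not TYPO3 code and not taken from the advisory; the class and field names, the 900-second lifetime and the backend-user records are constructed assumptions. It shows a minimal session store with the vulnerable behaviour beside a hardened variant that re-validates the account on every use and extension and revokes sessions when the account is edited.

```python
"""Admin Tool session handling: account bound only at login (vulnerable) versus
re-validated on every use and extension (hardened).  Added illustration; names,
lifetime and user records are assumptions, not TYPO3 internals."""
from dataclasses import dataclass
import secrets
from typing import Dict, Optional


@dataclass
class BackendUser:
    """Constructed stand-in for a backend user record."""
    name: str
    admin: bool = True      # the Admin Tool is an admin-only feature
    disabled: bool = False


@dataclass
class AdminToolSession:
    user: str
    expires_at: int         # seconds; callers pass an explicit clock


class VulnerableAdminTool:
    """Mirrors the flaw: the account is checked once at login; afterwards the
    session can be extended forever and never looks at the account again."""

    def __init__(self, users: Dict[str, BackendUser], lifetime: int = 900):
        self.users = users
        self.lifetime = lifetime
        self.sessions: Dict[str, AdminToolSession] = {}

    def login(self, name: str, now: int) -> Optional[str]:
        user = self.users.get(name)
        if user is None or user.disabled or not user.admin:
            return None
        sid = secrets.token_hex(16)
        self.sessions[sid] = AdminToolSession(name, now + self.lifetime)
        return sid

    def _live(self, sid: str, now: int) -> Optional[AdminToolSession]:
        """Return the session if it exists and has not expired; drop it otherwise."""
        s = self.sessions.get(sid)
        if s is None or s.expires_at <= now:
            self.sessions.pop(sid, None)
            return None
        return s

    def extend(self, sid: str, now: int) -> bool:
        """Keep-alive as sent by the backend UI; no account check here."""
        s = self._live(sid, now)
        if s is None:
            return False
        s.expires_at = now + self.lifetime
        return True

    def is_allowed(self, sid: str, now: int) -> bool:
        return self._live(sid, now) is not None


class HardenedAdminTool(VulnerableAdminTool):
    """Every use and every extension re-checks the account, and an account
    change drops that account's Admin Tool sessions immediately."""

    def _live(self, sid: str, now: int) -> Optional[AdminToolSession]:
        s = super()._live(sid, now)
        if s is None:
            return None
        user = self.users.get(s.user)
        if user is None or user.disabled or not user.admin:
            del self.sessions[sid]      # account no longer qualifies: revoke
            return None
        return s

    def on_user_changed(self, name: str) -> int:
        """Call whenever a backend user is edited, demoted or disabled.
        Returns the number of sessions revoked."""
        stale = [sid for sid, s in self.sessions.items() if s.user == name]
        for sid in stale:
            del self.sessions[sid]
        return len(stale)


def demoted_user_keeps_access(tool_cls) -> bool:
    """Scenario from the advisory: log in as admin, get demoted, keep sending
    keep-alives.  True means the demoted user still reaches the Admin Tool."""
    users = {"alice": BackendUser("alice", admin=True)}
    tool = tool_cls(users, lifetime=900)
    sid = tool.login("alice", now=0)
    assert sid is not None
    users["alice"].admin = False                 # an administrator removes the admin flag
    tool.extend(sid, now=600)                    # keep-alive sent after the demotion
    return tool.is_allowed(sid, now=1200)        # well past the original 900 s expiry


def disabled_user_revoked_immediately() -> bool:
    """Hardened variant: disabling the account revokes the live session at once."""
    users = {"bob": BackendUser("bob", admin=True)}
    tool = HardenedAdminTool(users)
    sid = tool.login("bob", now=0)
    users["bob"].disabled = True
    revoked = tool.on_user_changed("bob")
    return revoked == 1 and not tool.is_allowed(sid, now=1)


if __name__ == "__main__":
    print("vulnerable:", demoted_user_keeps_access(VulnerableAdminTool))  # True
    print("hardened:  ", demoted_user_keeps_access(HardenedAdminTool))    # False
    print("revoked:   ", disabled_user_revoked_immediately())             # True
```

The two checks in the hardened variant are complementary: re-validating on each request closes the window for sessions that the user keeps alive, while revoking on account change closes it for sessions that are merely idle but still within their lifetime. A fix that only stops the keep-alive from extending the session would still leave the remaining lifetime usable after demotion.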


Remediation

Install updates from the vendor's website.

External links