#VU18904 Authorization bypass through user-controlled key in TYPO3

 

Published: June 25, 2019


Vulnerability identifier: #VU18904
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID:
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
TYPO3
Software vendor:
TYPO3

Description

The vulnerability allows a local user to gain access to another user's session.

The vulnerability exists because the application does not delete the session identifier after the user logs out and stores it in cookies. An attacker with access to the victim's browser can obtain the session identifier and gain access to the victim's account.


Remediation

Install updates from vendor's website.

External links