{
  "GSD": {
    "alias": "CVE-2022-23502",
    "id": "GSD-2022-23502"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-23502"
      ],
      "details": "TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.",
      "id": "GSD-2022-23502",
      "modified": "2023-12-13T01:19:35.067550Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-23502",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "typo3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 10.0.0, \u003c 10.4.33"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 11.0.0, \u003c 11.5.20"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 12.0.0, \u003c 12.1.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "TYPO3"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-613",
                "lang": "eng",
                "value": "CWE-613: Insufficient Session Expiration"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr",
            "refsource": "MISC",
            "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-mgj2-q8wp-29rr",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=10.0.0,\u003c10.4.33||\u003e=11.0.0,\u003c11.5.20||\u003e=12.0.0,\u003c12.1.1",
          "affected_versions": "All versions starting from 10.0.0 before 10.4.33, all versions starting from 11.0.0 before 11.5.20, all versions starting from 12.0.0 before 12.1.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-613",
            "CWE-937"
          ],
          "date": "2022-12-16",
          "description": "TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.",
          "fixed_versions": [
            "10.4.33",
            "11.5.20",
            "12.1.1"
          ],
          "identifier": "CVE-2022-23502",
          "identifiers": [
            "CVE-2022-23502",
            "GHSA-mgj2-q8wp-29rr",
            "GMS-2022-8135"
          ],
          "not_impacted": "All versions before 10.0.0, all versions starting from 10.4.33 before 11.0.0, all versions starting from 11.5.20 before 12.0.0, all versions starting from 12.1.1",
          "package_slug": "packagist/typo3/cms-core",
          "pubdate": "2022-12-14",
          "solution": "Upgrade to versions 10.4.33, 11.5.20, 12.1.1 or above.",
          "title": "Insufficient Session Expiration",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-23502",
            "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr",
            "https://github.com/TYPO3/typo3/commit/d9ffbf24fcc62068033ebb3912538347bd380a6c",
            "https://typo3.org/security/advisory/typo3-core-sa-2022-014",
            "https://github.com/advisories/GHSA-mgj2-q8wp-29rr"
          ],
          "uuid": "fe9f54d6-50ca-4f69-b647-9f1433903963"
        },
        {
          "affected_range": "\u003c0",
          "affected_versions": "All versions starting from 10.0.0 before 10.4.33, all versions starting from 11.0.0 before 11.5.20, all versions starting from 12.0.0 before 12.1.1",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-12-13",
          "description": "### Problem\nWhen users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions.\n\n### Solution\nUpdate to TYPO3 versions 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.\n\n### References\n* [TYPO3-CORE-SA-2022-014](https://typo3.org/security/advisory/typo3-core-sa-2022-014)\n",
          "fixed_versions": [
            "10.4.33",
            "11.5.20",
            "12.1.1"
          ],
          "identifier": "GMS-2022-8135",
          "identifiers": [
            "GHSA-mgj2-q8wp-29rr",
            "GMS-2022-8135",
            "CVE-2022-23502"
          ],
          "not_impacted": "All versions before 10.0.0, all versions starting from 10.4.33 before 11.0.0, all versions starting from 11.5.20 before 12.0.0, all versions starting from 12.1.1",
          "package_slug": "packagist/typo3/cms-core",
          "pubdate": "2022-12-13",
          "solution": "Upgrade to versions 10.4.33, 11.5.20, 12.1.1 or above.",
          "title": "Duplicate of ./packagist/typo3/cms-core/CVE-2022-23502.yml",
          "urls": [
            "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr",
            "https://github.com/TYPO3/typo3/commit/d9ffbf24fcc62068033ebb3912538347bd380a6c",
            "https://typo3.org/security/advisory/typo3-core-sa-2022-014",
            "https://github.com/advisories/GHSA-mgj2-q8wp-29rr"
          ],
          "uuid": "fbd68f77-35f6-48fb-8c64-a6c73376ba33"
        },
        {
          "affected_range": "\u003e=10.0.0,\u003c10.4.33||\u003e=11.0.0,\u003c11.5.20||\u003e=12.0.0,\u003c12.1.1",
          "affected_versions": "All versions starting from 10.0.0 before 10.4.33, all versions starting from 11.0.0 before 11.5.20, all versions starting from 12.0.0 before 12.1.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-613",
            "CWE-937"
          ],
          "date": "2022-12-16",
          "description": "TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.",
          "fixed_versions": [
            "10.4.33",
            "11.5.20",
            "12.1.1"
          ],
          "identifier": "CVE-2022-23502",
          "identifiers": [
            "CVE-2022-23502",
            "GHSA-mgj2-q8wp-29rr"
          ],
          "not_impacted": "All versions before 10.0.0, all versions starting from 10.4.33 before 11.0.0, all versions starting from 11.5.20 before 12.0.0, all versions starting from 12.1.1",
          "package_slug": "packagist/typo3/cms",
          "pubdate": "2022-12-14",
          "solution": "Upgrade to versions 10.4.33, 11.5.20, 12.1.1 or above.",
          "title": "Insufficient Session Expiration",
          "urls": [
            "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr",
            "https://github.com/TYPO3/typo3/commit/d9ffbf24fcc62068033ebb3912538347bd380a6c",
            "https://typo3.org/security/advisory/typo3-core-sa-2022-014",
            "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23502.yaml",
            "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23502.yaml",
            "https://github.com/advisories/GHSA-mgj2-q8wp-29rr"
          ],
          "uuid": "cf473560-ac1c-4abc-854b-dcb355d20f6a"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.5.20",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.4.33",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1.1",
                "versionStartIncluding": "12.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-23502"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-613"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2022-12-16T17:55Z",
      "publishedDate": "2022-12-14T08:15Z"
    }
  }
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Typo3 cms-cors versions 10.x.x ant\u00e9rieures \u00e0 10.4.33",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 cms-cors versions 9.x.x ant\u00e9rieures \u00e0 9.5.38",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 cms-cors versions 8.x.x ant\u00e9rieures \u00e0 8.7.49",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 cms-cors versions 11.x.x ant\u00e9rieures \u00e0 11.5.20",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 cms-cors versions 12.x.x ant\u00e9rieures \u00e0 12.1.1",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-23500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23500"
    },
    {
      "name": "CVE-2022-23504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23504"
    },
    {
      "name": "CVE-2022-23501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23501"
    },
    {
      "name": "CVE-2022-23503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23503"
    },
    {
      "name": "CVE-2022-23502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23502"
    }
  ],
  "initial_release_date": "2022-12-14T00:00:00",
  "last_revision_date": "2022-12-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-1097",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Typo3 cms-core.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3 cms-core",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-jfp7-79g7-89rf du 13 d\u00e9cembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-c5wx-6c2c-f7rm du 13 d\u00e9cembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-8w3p-qh3x-6gjr du 13 d\u00e9cembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-8c28-5mp7-v24h du 13 d\u00e9cembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-mgj2-q8wp-29rr du 13 d\u00e9cembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr"
    }
  ]
}

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.4.33"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.5.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.4.33"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.5.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23502"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-13T17:06:07Z",
    "nvd_published_at": "2022-12-14T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Problem\nWhen users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions.\n\n### Solution\nUpdate to TYPO3 versions 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.\n\n### References\n* [TYPO3-CORE-SA-2022-014](https://typo3.org/security/advisory/typo3-core-sa-2022-014)\n",
  "id": "GHSA-mgj2-q8wp-29rr",
  "modified": "2022-12-13T17:06:07Z",
  "published": "2022-12-13T17:06:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23502"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3/typo3/commit/d9ffbf24fcc62068033ebb3912538347bd380a6c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23502.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23502.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TYPO3/typo3"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-014"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset"
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1FC0F47-4C30-4162-8A7E-3C427D1C3596",
              "versionEndExcluding": "10.4.33",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED21674D-027A-4DDC-AAD5-B7D58B309171",
              "versionEndExcluding": "11.5.20",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF9BE74F-BB15-48C5-AF1E-7B4197AE8F5B",
              "versionEndExcluding": "12.1.1",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1."
    },
    {
      "lang": "es",
      "value": "TYPO3 es un sistema de gesti\u00f3n de contenidos web basado en PHP de c\u00f3digo abierto. En versiones anteriores a 10.4.33, 11.5.20 y 12.1.1, cuando los usuarios restablec\u00edan su contrase\u00f1a utilizando la funci\u00f3n de recuperaci\u00f3n de contrase\u00f1a correspondiente, las sesiones existentes para esa cuenta de usuario en particular no se revocaban. Esto se aplic\u00f3 tanto a las sesiones de usuarios frontend como a las sesiones de usuarios backend. Este problema est\u00e1 solucionado en las versiones 10.4.33, 11.5.20, 12.1.1."
    }
  ],
  "id": "CVE-2022-23502",
  "lastModified": "2024-11-21T06:48:41.900",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-14T08:15:10.590",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}