Vulnerability Details : CVE-2022-36106
TYPO3 is an open source PHP-based web content management system released under the GNU GPL. The expiration time of a password reset link for TYPO3 backend users was never evaluated: the reset token carried an expiry timestamp, but validation only checked that the token matched, so a reset link could still be used to reset the password after the default expiry time of two hours had passed. Update to TYPO3 version 10.4.32 or 11.5.16, which fix the problem. There are no known workarounds for this issue.
Vulnerability category: Bypass; Gain privilege
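The following is an added illustration of the bug class described above, not TYPO3's own code: a minimal model of a backend password-reset token store in which the expiry timestamp is recorded but never compared against the current time, beside the corrected check. The class and method names (ResetTokenStore, issueToken, isValidTokenVulnerable, isValidToken) and the two-hour default lifetime are assumptions for the example.

```php
<?php
declare(strict_types=1);

// Added example, not TYPO3 code. Models a reset-token store that records an
// expiry but (in the vulnerable variant) never enforces it.
final class ResetTokenStore
{
    /** @var array<int, array{hash: string, expiry: int}> keyed by backend user id */
    private array $tokens = [];

    // Two hours, matching the default lifetime named in the advisory (assumption).
    public function __construct(private int $lifetimeSeconds = 7200) {}

    // Issue a token for $uid. Only a hash of the token and its expiry are stored;
    // the plain token is what goes into the reset link mailed to the user.
    public function issueToken(int $uid, int $now): string
    {
        $token = bin2hex(random_bytes(32));
        $this->tokens[$uid] = [
            'hash'   => hash('sha256', $token),
            'expiry' => $now + $this->lifetimeSeconds,
        ];
        return $token;
    }

    // Vulnerable behaviour: the stored expiry is never read, so a link issued
    // days ago is accepted as long as the token hash still matches.
    public function isValidTokenVulnerable(int $uid, string $token, int $now): bool
    {
        $record = $this->tokens[$uid] ?? null;
        if ($record === null) {
            return false;
        }
        return hash_equals($record['hash'], hash('sha256', $token));
    }

    // Fixed behaviour: reject the token once its expiry has passed, before
    // doing the (constant-time) hash comparison.
    public function isValidToken(int $uid, string $token, int $now): bool
    {
        $record = $this->tokens[$uid] ?? null;
        if ($record === null) {
            return false;
        }
        if ($now > $record['expiry']) {
            return false;
        }
        return hash_equals($record['hash'], hash('sha256', $token));
    }

    // Invalidate a token once it has been consumed, so a link is single-use.
    public function consume(int $uid): void
    {
        unset($this->tokens[$uid]);
    }
}

// Constructed scenario: a link issued at $issuedAt, presented three hours later.
$store = new ResetTokenStore();
$issuedAt = 1660000000;
$token = $store->issueToken(42, $issuedAt);
$threeHoursLater = $issuedAt + 3 * 3600;

// The vulnerable check still accepts the stale link; the fixed check rejects it.
var_dump($store->isValidTokenVulnerable(42, $token, $threeHoursLater));
var_dump($store->isValidToken(42, $token, $threeHoursLater));

// Within the lifetime the fixed check accepts the link, and consuming it makes
// a second use fail.
var_dump($store->isValidToken(42, $token, $issuedAt + 600));
$store->consume(42);
var_dump($store->isValidToken(42, $token, $issuedAt + 600));
```

To confirm an installation is patched rather than relying on the version string alone, request a backend password reset, wait past the configured lifetime, and verify that the link is refused; a link that still lets you set a new password means the expiry is not being enforced.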
Products affected by CVE-2022-36106
- cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-36106
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~23% (proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2022-36106
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 | NIST | |
| 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 | GitHub, Inc. | |
CWE ids for CVE-2022-36106
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: security-advisories@github.com (Primary)
References for CVE-2022-36106
- https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2 (Missing check for expiration time of password reset token for backend users · Advisory · TYPO3/typo3 · GitHub) Third Party Advisory
- https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a ([SECURITY] Respect expiration time of password reset token · TYPO3/typo3@56af2bd · GitHub) Patch; Third Party Advisory
- https://typo3.org/security/advisory/typo3-core-sa-2022-008 (TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users) Vendor Advisory