{"id":"CVE-2022-23502","summary":"TYPO3 contains Insufficient Session Expiration after Password Reset","details":"TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, when users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked and therefore remained valid after the reset. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, and 12.1.1.","aliases":["BIT-typo3-2022-23502","GHSA-mgj2-q8wp-29rr"],"modified":"2026-03-14T08:43:58.637519Z","published":"2022-12-14T07:34:21.327Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23502.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-613"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23502.json"},{"type":"ADVISORY","url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23502"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/typo3/typo3","events":[{"introduced":"c91b70e450c52d29ffb08115fffbb7832b15a330"},{"fixed":"8a90081d0135df5df51c49ba0b456fa3d4911720"}],"database_specific":{"versions":[{"introduced":"10.0.0"},{"fixed":"10.4.33"}]}},{"type":"GIT","repo":"https://github.com/typo3/typo3","events":[{"introduced":"6a5e2d4097ef0a0e3ea955af93cf83810d6fa234"},{"fixed":"7dd798416ced8107d383c4961b1c9b62b438677b"}],"database_specific":{"versions":[{"introduced":"11.0.0"},{"fixed":"11.5.20"}]}},{"type":"GIT","repo":"https://github.com/typo3/typo3","events":[{"introduced":"36096733dea4bd6f6168209609fa879dc25c0138"},{"fixed":"819260632d66317021f37c37057dc13914ff1679"}],"database_specific":{"versions":[{"introduced":"12.0.0"},{"fixed":"12.1.1"}]}}],"versions":["v10.0.0","v10.1.0","v10.2.0","v10.3.0","v10.4.0","v10.4.
1","v10.4.10","v10.4.11","v10.4.12","v10.4.13","v10.4.14","v10.4.15","v10.4.16","v10.4.17","v10.4.18","v10.4.19","v10.4.2","v10.4.20","v10.4.21","v10.4.22","v10.4.23","v10.4.24","v10.4.25","v10.4.26","v10.4.27","v10.4.28","v10.4.29","v10.4.3","v10.4.30","v10.4.31","v10.4.32","v10.4.4","v10.4.5","v10.4.6","v10.4.7","v10.4.8","v10.4.9","v11.0.0","v11.1.0","v11.2.0","v11.3.0","v11.4.0","v11.5.0","v11.5.1","v11.5.10","v11.5.11","v11.5.12","v11.5.13","v11.5.14","v11.5.15","v11.5.16","v11.5.17","v11.5.18","v11.5.19","v11.5.2","v11.5.3","v11.5.4","v11.5.5","v11.5.6","v11.5.7","v11.5.8","v11.5.9","v12.0.0","v12.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23502.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/typo3/typo3.cms","events":[{"introduced":"c91b70e450c52d29ffb08115fffbb7832b15a330"},{"fixed":"8a90081d0135df5df51c49ba0b456fa3d4911720"},{"introduced":"6a5e2d4097ef0a0e3ea955af93cf83810d6fa234"},{"fixed":"7dd798416ced8107d383c4961b1c9b62b438677b"},{"introduced":"36096733dea4bd6f6168209609fa879dc25c0138"},{"fixed":"819260632d66317021f37c37057dc13914ff1679"}],"database_specific":{"versions":[{"introduced":"10.0.0"},{"fixed":"10.4.33"},{"introduced":"11.0.0"},{"fixed":"11.5.20"},{"introduced":"12.0.0"},{"fixed":"12.1.1"}]}}],"versions":["v10.0.0","v10.1.0","v10.2.0","v10.3.0","v10.4.0","v10.4.1","v10.4.10","v10.4.11","v10.4.12","v10.4.13","v10.4.14","v10.4.15","v10.4.16","v10.4.17","v10.4.18","v10.4.19","v10.4.2","v10.4.20","v10.4.21","v10.4.22","v10.4.23","v10.4.24","v10.4.25","v10.4.26","v10.4.27","v10.4.28","v10.4.29","v10.4.3","v10.4.30","v10.4.31","v10.4.32","v10.4.4","v10.4.5","v10.4.6","v10.4.7","v10.4.8","v10.4.9","v11.0.0","v11.1.0","v11.2.0","v11.3.0","v11.4.0","v11.5.0","v11.5.1","v11.5.10","v11.5.11","v11.5.12","v11.5.13","v11.5.14","v11.5.15","v11.5.16","v11.5.17","v11.5.18","v11.5.19","v11.5.2","v11.5.3","v11.5.4","v11.5.5","v11.5.6","v11.5.7","v11.5.8","v11.5.9","v12.0.0","v12.1.0"],"
database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23502.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}]}