CVE-2022-47406 MEDIUM

CVE-2022-47406

Vendor N/A
Product n/a
Published December 14, 2022
Last update April 21, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:N

What the vulnerability does

01Description

An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.

Key dates

02Disclosure timeline

December 14, 2022 CVE published
April 21, 2025 Record updated