漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Insufficient Session Expiration in TYPO3 Admin Tool
Vulnerability Description
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
TYPO3 代码问题漏洞
Vulnerability Description
TYPO3是瑞士TYPO3协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3 存在代码问题漏洞,该漏洞源于通过 TYPO3 后端用户界面启动的管理工具会话不会被撤销,以下产品和版本受到影响:9.5.34 ELTS之前版本、10.4.29 之前版本和 11.5.11 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A