VYPR
Moderate severityNVD Advisory· Published Mar 23, 2021· Updated Aug 3, 2024

Cleartext storage of session identifier

CVE-2021-21339

Description

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
typo3/cms-corePackagist
>= 6.2.0, < 6.2.576.2.57
typo3/cms-corePackagist
>= 7.0.0, < 7.6.517.6.51
typo3/cms-corePackagist
>= 8.0.0, < 8.7.408.7.40
typo3/cms-corePackagist
>= 10.0.0, < 10.4.1410.4.14
typo3/cms-corePackagist
>= 11.0.0, < 11.1.111.1.1
typo3/cms-corePackagist
>= 9.0.0, < 9.5.259.5.25
typo3/cmsPackagist
>= 10.0.0, < 10.4.1410.4.14
typo3/cmsPackagist
>= 11.0.0, < 11.1.111.1.1
typo3/cmsPackagist
>= 9.0.0, < 9.5.259.5.25

Affected products

4

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.