Critical severityNVD Advisory· Published Dec 14, 2022· Updated Apr 21, 2025
CVE-2022-47406
CVE-2022-47406
Description
An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typo3/cmsPackagist | < 2.0.5 | 2.0.5 |
typo3/cmsPackagist | >= 3.0.0, < 3.0.3 | 3.0.3 |
derhansen/fe_change_pwdPackagist | >= 3.0.0, < 3.0.3 | 3.0.3 |
derhansen/fe_change_pwdPackagist | < 2.0.5 | 2.0.5 |
Affected products
3- TYPO3/Change password for frontend usersdescription
- ghsa-coords2 versions
>= 3.0.0, < 3.0.3+ 1 more
- (no CPE)range: >= 3.0.0, < 3.0.3
- (no CPE)range: < 2.0.5
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.