6

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31050

GHSA ID

GHSA-wwjw-r3gj-39fq

EPSS Score

0.5836%

CWE

CWE-613

Published

6/17/2022

Updated

1/27/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-31050

CVE-2022-31050: Insufficient Session Expiration in TYPO3's Admin Tool

Meta

CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C (5.6)

Problem

Admin Tool sessions initiated via the TYPO3 backend user interface have not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit.

Solution

Update to TYPO3 versions 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.

Credits

Thanks to Kien Hoang who reported this issue and to TYPO3 framework merger Ralf Zimmermann and TYPO3 security member Oliver Hader who fixed the issue.

References

TYPO3-CORE-SA-2022-005

(GitHub Advisory)

6

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31050

GHSA ID

GHSA-wwjw-r3gj-39fq

EPSS Score

0.5836%

CWE

CWE-613

Published

6/17/2022

Updated

1/27/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
typo3/cms-core	composer	>= 9.0.0, < 9.5.35	9.5.35
typo3/cms-core	composer	>= 10.0.0, < 10.4.29	10.4.29
typo3/cms-core	composer	>= 11.0.0, < 11.5.11	11.5.11
typo3/cms	composer	>= 10.0.0, < 10.4.29	10.4.29
typo3/cms	composer	>= 11.0.0, < 11.5.11	11.5.11

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from two key flaws: 1) SessionService::setAuthorizedBackendSession in vulnerable versions didn't persist critical backend user session metadata (user ID, session ID HMAC), making it impossible to later verify if the original backend session was still valid. 2) The Maintenance middleware didn't perform ongoing validation of backend user privileges/session status during requests. The fix added these validations by storing session references and implementing privilege checks in the middleware, confirming these were the missing security controls.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

> ### M*t* > * *VSS: `*VSS:*.*/*V:N/**:L/PR:*/UI:N/S:U/*:*/I:L/*:L/*:*/RL:O/R*:*` (*.*) ### Pro*l*m **min Tool s*ssions initi*t** vi* t** TYPO* ***k*n* us*r int*r**** **v* not ***n r*vok** *v*n i* t** *orr*spon*in* us*r ***ount w*s ***r**** to low*r

Reasoning

T** vuln*r**ility st*mm** *rom two k*y *l*ws: *) `S*ssionS*rvi**::s*t*ut*oriz*****k*n*S*ssion` in vuln*r**l* v*rsions *i*n't p*rsist *riti**l ***k*n* us*r s*ssion m*t***t* (us*r I*, s*ssion I* *M**), m*kin* it impossi*l* to l*t*r v*ri*y i* t** ori*in

6

Basic Information

Concerned about an active attack path?

CVE-2022-31050: Insufficient Session Expiration in TYPO3's Admin Tool

Meta

Problem

Solution

Credits

References

6

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI