Dear TYPO3 users,
several vulnerabilities have been found in the following third party TYPO3
extensions:
"Change password for frontend users" (fe_change_pwd)
"Newsletter subscriber management" (fp_newsletter)
"Master-Quiz" (fp_masterquiz)
For further information on the issues, please read the related advisories
TYPO3-EXT-SA-2022-016, TYPO3-EXT-SA-2022-017 and TYPO3-EXT-SA-2022-018
which were published today:
TYPO3-EXT-SA-2022-016 - Insufficient Session Expiration after Password Change
in extension "Change password for frontend users" (fe_change_pwd)
[1]TYPO3-EXT-SA-2022-016: Insufficient Session Expiration after Password Change in extension "Change password for frontend users" (fe_change_pwd)
TYPO3-EXT-SA-2022-017 - Multiple vulnerabilities in extension "Newsletter
subscriber management" (fp_newsletter)
[2]TYPO3-EXT-SA-2022-017: Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
TYPO3-EXT-SA-2022-018 - Multiple vulnerabilities in extension "Master-Quiz"
(fp_masterquiz)
[3]TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Guide:
[4]Security guidelines — TYPO3 Explained main documentation
Make sure you are subscribed to the TYPO3 Announce List:
[5]TYPO3-announce Info Page
See all TYPO3 security advisories:
[6]TYPO3 Security Bulletins
Regards,
Torben Hansen
Member of the TYPO3 Security Team