Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in
  • typo3 typo3
  • Project information
    • Project information
    • Activity
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Analytics
    • Analytics
    • CI/CD
    • Insights
    • Repository
  • Activity
  • Graph
  • Jobs
  • Commits
Collapse sidebar
  • typo3typo3
  • typo3typo3
  • Repository
Switch branch/tag
  • typo3
  • ..
  • Controller
  • BackendModuleControllerTest.php
Find file BlameHistoryPermalink
  • Oliver Hader's avatar
    [SECURITY] Synchronize admin tools session with backend user session · 59238797
    Oliver Hader authored Jun 14, 2022 and Oliver Hader's avatar Oliver Hader committed Jun 14, 2022
    Admin tools sessions are revoked in case the initiatin backend user
    does not have admin or system maintainer privileges anymore. Besides
    that, revoking backend user interface sessions now also revokes access
    to admin tools. Standalone install tool is not affected.
    
    Resolves: #92019
    Releases: main, 11.5, 10.4
    Change-Id: I367098abd632fa34caa59e4e165f5ab1916894c5
    Security-Bulletin: TYPO3-CORE-SA-2022-005
    Security-References: CVE-2022-31050
    Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74905
    
    
    Tested-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
    Reviewed-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
    59238797