typo3/cms-core is a free open source enterprise content management system.
Affected versions of this package are vulnerable to Information Exposure. User session identifiers are stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack.
typo3/cms-core to version 11.1.1, 10.4.14, 9.5.25 or higher.