← Back

CVE-2022-31047

nvd nist
Published: Jun 14, 2022Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.

Affected (5)

Products: Typo3: Typo3
Typo3
1 product
Typo3
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Typo3
Typo3
From 10.0.0 to 10.4.29
Typo3
From 11.0.0 to 11.5.11
Typo3
From 7.0.0 to 7.6.57
Typo3
From 8.0.0 to 8.7.47
Typo3
From 9.0.0 to 9.5.35

Related CWEs

CWE-209
Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (6)

Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.