CVE-2024-55891

Published: Jan 14, 2025Modified: Aug 26, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability.

Affected (1)

Products: Typo3: Typo3

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Typo3 Typo3	Version 13.4.2

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://github.com/TYPO3/typo3/security/advisories/GHSA-38x7-cc6w-j27q

Source: security-advisories@github.com

Vendor Advisory

https://typo3.org/security/advisory/typo3-core-sa-2025-001

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.