CVE-2021-32767

TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
GitHub_MCNA
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
typo3typo3
7.0.0 ≤
𝑥
≤ 7.6.51
typo3typo3
8.0.0 ≤
𝑥
≤ 8.7.40
typo3typo3
9.0.0 ≤
𝑥
≤ 9.5.27
typo3typo3
10.0.0 ≤
𝑥
≤ 10.4.17
typo3typo3
11.0.0 ≤
𝑥
≤ 11.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
https://typo3.org/security/advisory/typo3-core-sa-2021-012
https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
https://typo3.org/security/advisory/typo3-core-sa-2021-012