CVE-2022-31047
14.06.2022, 21:15
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.
Vendor | Product | Version |
---|---|---|
typo3 | typo3 | 7.0.0 ≤ 𝑥 < 7.6.57 |
typo3 | typo3 | 8.0.0 ≤ 𝑥 < 8.7.47 |
typo3 | typo3 | 9.0.0 ≤ 𝑥 < 9.5.35 |
typo3 | typo3 | 10.0.0 ≤ 𝑥 < 10.4.29 |
typo3 | typo3 | 11.0.0 ≤ 𝑥 < 11.5.11 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-532 - Insertion of Sensitive Information into Log File: Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
- CWE-209 - Generation of Error Message Containing Sensitive Information: The software generates an error message that includes sensitive information about its environment, users, or associated data.
References