CVE-2021-32767

TYPO3 is an open source PHP-based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may be logged as plain text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, and 11.3.1 contain a patch for this vulnerability.
Configurations

Configuration 1

OR cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

History

21 Sep 2021, 16:29

Type | Values Removed | Values Added
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-012 - | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-012 - Vendor Advisory

19 Aug 2021, 14:11

Type | Values Removed | Values Added
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-013 - Broken Link | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-012 -

29 Jul 2021, 16:37

Type | Values Removed | Values Added
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-013 - | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-013 - Broken Link
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235 - | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235 - Third Party Advisory
CPE | | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
CVSS | v2 : unknown, v3 : unknown | v2 : 3.5, v3 : 6.5
CWE | | CWE-532

20 Jul 2021, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-20 16:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-32767

Mitre link : CVE-2021-32767

CVE.ORG link : CVE-2021-32767

Products Affected

typo3

  • typo3
CWE
CWE-532

Insertion of Sensitive Information into Log File