TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.
References
Link | Resource |
---|---|
https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a | Patch Third Party Advisory |
https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99 | Third Party Advisory |
https://typo3.org/security/advisory/typo3-core-sa-2022-002 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Jul 2023, 13:30
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-209 |
23 Jun 2022, 19:57
Type | Values Removed | Values Added |
---|---|---|
First Time |
Typo3
Typo3 typo3 |
|
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2022-002 - Vendor Advisory | |
References | (MISC) https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99 - Third Party Advisory |
14 Jun 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-14 21:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-31047
Mitre link : CVE-2022-31047
CVE.ORG link : CVE-2022-31047
JSON object : View
Products Affected
typo3
- typo3