CVE-2022-31047

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*

History

23 Jun 2022, 19:57

Type Values Removed Values Added
First Time Typo3
Typo3 typo3
CPE cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
References (MISC) https://typo3.org/security/advisory/typo3-core-sa-2022-002 - (MISC) https://typo3.org/security/advisory/typo3-core-sa-2022-002 - Vendor Advisory
References (MISC) https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a - (MISC) https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a - Patch, Third Party Advisory
References (CONFIRM) https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99 - (CONFIRM) https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99 - Third Party Advisory

14 Jun 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-14 21:15

Updated : 2022-06-23 19:57


NVD link : CVE-2022-31047

Mitre link : CVE-2022-31047


JSON object : View

Products Affected

typo3

  • typo3
CWE
CWE-532

Insertion of Sensitive Information into Log File