#VU64267 Inclusion of Sensitive Information in Log Files in TYPO3 - CVE-2022-31047

 


Published: June 14, 2022


Vulnerability identifier: #VU64267
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-31047
CWE-ID: CWE-532
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: TYPO3
Software vendor: TYPO3

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists because the software writes internal system credentials or keys (e.g. database credentials) in plain text to the log when exception handlers log the complete exception stack trace. A remote user who can view the stack trace can gain access to this sensitive information.
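The following PHP sketch is an added illustration of this weakness class (CWE-532) and is not TYPO3's code or its patch. The function names and the secret value are constructed for the demonstration. It shows how call arguments captured in a stack trace end up in log text, next to a formatter that logs only frame locations.

```php
<?php
declare(strict_types=1);

// Collect call arguments in traces so the demo behaves the same everywhere
// (this setting is available since PHP 7.4).
ini_set('zend.exception_ignore_args', '0');

// Hypothetical function standing in for any code that receives a secret.
function connectDatabase(string $user, string $password): void
{
    throw new RuntimeException('Connection refused');
}

// Unsafe: dumps every frame, including its 'args' entry, into the log text.
function formatTraceWithArgs(Throwable $e): string
{
    return print_r($e->getTrace(), true);
}

// Safer: keep only location data for each frame, never argument values.
function formatTraceWithoutArgs(Throwable $e): string
{
    $lines = [get_class($e) . ': ' . $e->getMessage()];
    foreach ($e->getTrace() as $i => $frame) {
        $lines[] = sprintf(
            '#%d %s:%s %s%s%s()',
            $i,
            $frame['file'] ?? '[internal]',
            $frame['line'] ?? '?',
            $frame['class'] ?? '',
            $frame['type'] ?? '',
            $frame['function']
        );
    }
    return implode("\n", $lines);
}

$secret = 'constructed-secret-123'; // constructed sample value
try {
    connectDatabase('demo_user', $secret);
} catch (Throwable $e) {
    foreach (['with args' => formatTraceWithArgs($e),
              'without args' => formatTraceWithoutArgs($e)] as $label => $text) {
        $leaks = strpos($text, $secret) !== false;
        printf("%s: secret present in log text = %s\n", $label, var_export($leaks, true));
    }
}
```

Dropping arguments does not cover secrets embedded in the exception message itself, so messages built from connection strings need the same review.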


Remediation

Install updates from the vendor's website.
