Inclusion of Sensitive Information in Log Files in TYPO3 - CVE-2022-31047

 

Inclusion of Sensitive Information in Log Files in TYPO3 - CVE-2022-31047

Published: June 14, 2022


Vulnerability identifier: #VU64267
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-31047
CWE-ID: CWE-532
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: TYPO3
Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to software stores system internal credentials or keys (e.g. database credentials) in plain text in exception handlers, when logging the complete exception stack trace. A remote user can view the stack trace and gain access to sensitive information.


How to mitigate CVE-2022-31047

Install updates from vendor's website.

Sources