Description

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.

Remediation

References

CVE-2022-31047

Related Vulnerabilities

Atlassian Jira Improper Authentication Vulnerability (CVE-2021-26070)

PostgreSQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-1899)

MODX Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-2736)

WordPress Plugin WooCommerce Cross-Site Scripting (3.5.4)

WordPress Plugin Payment Gateways Caller for WP e-Commerce Local File Inclusion (0.1)

Severity

Medium

Classification

CVE-2022-31047 CWE-532 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities