CVE-2022-31047
MEDIUM5.3EPSS 0.39%Insertion of Sensitive Information into Log File in typo3/cms-core
發布日:2022/6/17修改日:2024/3/6
描述
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.
受影響套件(3)
- Bitnami/typo3>= 7.0.0, < 7.6.57, >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.35, >= 10.0.0, < 10.4.29, >= 11.0.0, < 11.5.11
- Packagist/typo3/cms>= 10.0.0, < 10.4.29
- Packagist/typo3/cms-core>= 7.0.0, < 7.6.57
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-31047
- PATCHhttps://github.com/TYPO3-CMS/core
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
- WEBhttps://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
- WEBhttps://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
- WEBhttps://typo3.org/security/advisory/typo3-core-sa-2022-002