CVE-2022-31047

MEDIUM Year: 2022
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-532
View all →

Vulnerability Description

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.

Related Vulnerabilities

CVE-2016-10362

MEDIUM
CVSS:6.5(Medium)

Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.

CWE-5322016

CVE-2016-10819

MEDIUM
CVSS:6.5(Medium)

In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).

CWE-5322016

CVE-2017-11134

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them.

CWE-5322017

CVE-2017-3744

MEDIUM
CVSS:6.5(Medium)

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated ...

CWE-5322017

CVE-2018-0504

MEDIUM
CVSS:6.5(Medium)

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid

CWE-5322018

CVE-2018-19014

MEDIUM
CVSS:6.5(Medium)

Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network conn...

CWE-5322018