CVE-2022-31047 MEDIUM

CVE-2022-31047: Insertion of Sensitive Information into Log File in typo3/cms-core

Vendor: Typo3
Product: typo3
Weakness: CWE-532 · Sensitive info in logs
Published: June 14, 2022
Last update: April 23, 2025

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

Description

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system-internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers when the complete exception stack trace is logged. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.

Key dates

Disclosure timeline

June 14, 2022: CVE published
April 23, 2025: Record updated