CVE-2024-55891 LOW

CVE-2024-55891: Information Disclosure via Exception Handling/Logger in TYPO3

Vendor Typo3
Product typo3
Weakness CWE-532 · Sensitive info in logs
Published January 14, 2025
Last update January 15, 2025

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

Description

TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password was logged in plaintext when the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 version 13.4.3 ELTS, which fixes the problem described. There are no known workarounds for this vulnerability.

Key dates

Disclosure timeline

January 14, 2025 CVE published
January 15, 2025 Record updated