CVE-2021-32767
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TYPO3 | TYPO3.CMS | >= 9.0.0, < 9.5.28 | affected |
| TYPO3 | TYPO3.CMS | >= 10.0.0, < 10.4.18 | affected |
| TYPO3 | TYPO3.CMS | >= 11.0.0, < 11.3.1 | affected |
Weaknesses
- CWE-532: CWE-532: Insertion of Sensitive Information into Log File
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
- https://typo3.org/security/advisory/typo3-core-sa-2021-012
References
- https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
- https://typo3.org/security/advisory/typo3-core-sa-2021-012
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.