PT-2021-19916 · Typo3 · Typo3
Ingo Schmitt
·
Published
2021-07-20
·
Updated
2024-03-06
·
CVE-2021-32767
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 9.0.0 through 9.5.27
TYPO3 versions 10.0.0 through 10.4.17
TYPO3 versions 11.0.0 through 11.3.0
Description
The issue concerns the logging of user credentials in plain-text when the log level is set to debug, which is not the default configuration.
Recommendations
Update to TYPO3 version 9.5.28 to resolve the issue for versions 9.0.0 through 9.5.27.
Update to TYPO3 version 10.4.18 to resolve the issue for versions 10.0.0 through 10.4.17.
Update to TYPO3 version 11.3.1 to resolve the issue for versions 11.0.0 through 11.3.0.
Exploit
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Typo3