PT-2024-3495 · Unknown · Laravel Framework

Whiteman007 · Published 2024-03-19 · Updated 2025-03-11

CVE-2024-29291

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Laravel Framework versions 8 through 11

Description

An issue in the Laravel Framework might allow a remote attacker to discover database credentials in the storage/logs/laravel.log file. This is due to insufficient protection of sensitive data when handling the laravel.log file. The exploitation of this issue can allow an attacker to gain unauthorized access to protected information. It is noted that the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.

Recommendations

For Laravel Framework versions 8 through 11, consider restricting access to the storage/logs/laravel.log file to minimize the risk of exploitation. As a temporary workaround, review and adjust the logging configuration to prevent sensitive data from being logged. Ensure proper access control is set for the type of data that may be logged. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
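
One way to check an installation against the recommendations above, as an added example that is not part of the original advisory or of Laravel itself. The function names and the credential patterns are assumptions made for this sketch; the log path is the one named in the advisory.

```bash
#!/usr/bin/env bash
# Added example, not Laravel project code. Audits one install for the
# laravel.log exposure. Usage: audit_laravel_log <app_dir> <web_docroot>

# True when "other" users can read the file (mode bit 004 is set).
is_world_readable() {
  [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# True when the log's directory lies inside the directory the web server serves.
# With the docroot set to <app_dir>/public, storage/ stays outside it.
is_under_docroot() {
  local log_dir docroot
  log_dir=$(cd "$(dirname "$1")" && pwd -P) || return 1
  docroot=$(cd "$2" && pwd -P) || return 1
  case "$log_dir/" in
    "$docroot"/*) return 0 ;;
    *) return 1 ;;
  esac
}

# True when the log holds credential-like text. The patterns are assumptions
# chosen for this example; extend them to match your own secret names.
has_credential_text() {
  grep -Eiq 'DB_(PASSWORD|USERNAME)|password[^[:alnum:]]{0,3}(=>|=|:)' "$1"
}

# Prints one FINDING line per problem, or a single OK line.
audit_laravel_log() {
  local app="$1" docroot="$2" log findings=0
  log="$app/storage/logs/laravel.log"
  if [ ! -f "$log" ]; then echo "OK: $log not present"; return 0; fi
  if is_under_docroot "$log" "$docroot"; then
    echo "FINDING: $log is inside the web docroot $docroot"
    findings=$((findings + 1))
  fi
  if is_world_readable "$log"; then
    echo "FINDING: $log is world-readable; restrict it to owner and group"
    findings=$((findings + 1))
  fi
  if has_credential_text "$log"; then
    echo "FINDING: credential-like text in $log; review the logging configuration"
    findings=$((findings + 1))
  fi
  if [ "$findings" -eq 0 ]; then echo "OK: no findings for $log"; fi
  return 0
}
```

Any secret that the third check finds in a log that was also readable or web-reachable should be treated as disclosed and rotated.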

Exploit

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-03797
CVE-2024-29291

Affected Products

Laravel Framework