Lucene search
Veracode Vulnerability DatabaseVERACODE:35996HistoryJun 15, 2022 - 6:47 a.m.
Information Disclosure
2022-06-1506:47:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.001 Low
EPSS
Percentile
41.0%
typo3/cms-core is vulnerable to Information Disclosure. The vulnerability exists due to a lack of sanitization of log files in the ‘writeLogEntries’ function of ‘AbstractExceptionHandler.php’ which allows an unauthorized user to gain access to the system and view sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3/cms-core | le | v11.5.10 | |
| typo3/cms-core | le | v10.4.28 | |
| typo3/cms-core | le | v11.5.10 | |
| typo3/cms-core | le | v10.4.28 |
References
github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
github.com/TYPO3/typo3/commit/f9a1f1830ab123374ddbeb10bd54a2dde1349011
github.com/TYPO3/typo3/commit/fb542d43c7e50fd723e393becf01259ae2f41250
github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
typo3.org/security/advisory/typo3-core-sa-2022-002
Related
openvas
openvas
TYPO3 Information Disclosure Vulnerability (TYPO3-CORE-SA-2022-002)
2022-06-15 00:00:00
cve
cve
CVE-2022-31047
2022-06-14 21:15:16
osv
osv
BIT-typo3-2022-31047
2024-03-06 11:09:36
Insertion of Sensitive Information into Log File in typo3/cms-core
2022-06-17 20:55:14
CVE-2022-31047
2022-06-14 21:15:16
cvelist
cvelist
friendsofphp
friendsofphp
TYPO3-CORE-SA-2022-002: Information Disclosure via Exception Handling/Logger
2022-06-14 07:11:27
TYPO3-CORE-SA-2022-002: Information Disclosure via Exception Handling/Logger
2022-06-14 07:11:27
github
github
Insertion of Sensitive Information into Log File in typo3/cms-core
2022-06-17 20:55:14
prion
prion
Code injection
2022-06-14 21:15:00
nvd
nvd
CVE-2022-31047
2022-06-14 21:15:16