{"containers": {"cna": {"affected": [{"product": "typo3", "vendor": "TYPO3", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.6.57"}, {"status": "affected", "version": ">= 8.0.0, < 8.7.47"}, {"status": "affected", "version": ">= 9.0.0, < 9.5.34"}, {"status": "affected", "version": ">= 10.0.0, < 10.4.29"}, {"status": "affected", "version": ">= 11.0.0, < 11.5.11"}]}], "descriptions": [{"lang": "en", "value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-14T22:00:16.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"}, {"tags": ["x_refsource_MISC"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"}], "source": {"advisory": "GHSA-fh99-4pgr-8j99", "discovery": "UNKNOWN"}, "title": "Insertion of Sensitive Information into Log File in typo3/cms-core", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31047", "STATE": "PUBLIC", "TITLE": "Insertion of Sensitive Information into Log File in typo3/cms-core"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "typo3", "version": {"version_data": [{"version_value": ">= 7.0.0, < 7.6.57"}, {"version_value": ">= 8.0.0, < 8.7.47"}, {"version_value": ">= 9.0.0, < 9.5.34"}, {"version_value": ">= 10.0.0, < 10.4.29"}, {"version_value": ">= 11.0.0, < 11.5.11"}]}}]}, "vendor_name": "TYPO3"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532: Insertion of Sensitive Information into Log File"}]}]}, "references": {"reference_data": [{"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99", "refsource": "CONFIRM", "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"}, {"name": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a", "refsource": "MISC", "url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"}, {"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-002", "refsource": "MISC", "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"}]}, "source": {"advisory": "GHSA-fh99-4pgr-8j99", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:03:40.244Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T14:05:23.839366Z", "id": "CVE-2022-31047", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T18:15:57.041Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31047", "datePublished": "2022-06-14T20:40:10.000Z", "dateReserved": "2022-05-18T00:00:00.000Z", "dateUpdated": "2025-04-23T18:15:57.041Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:03:40.244Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-31047", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T14:05:23.839366Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T14:05:25.250Z"}}], "cna": {"title": "Insertion of Sensitive Information into Log File in typo3/cms-core", "source": {"advisory": "GHSA-fh99-4pgr-8j99", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "TYPO3", "product": "typo3", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.6.57"}, {"status": "affected", "version": ">= 8.0.0, < 8.7.47"}, {"status": "affected", "version": ">= 9.0.0, < 9.5.34"}, {"status": "affected", "version": ">= 10.0.0, < 10.4.29"}, {"status": "affected", "version": ">= 11.0.0, < 11.5.11"}]}], "references": [{"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a", "tags": ["x_refsource_MISC"]}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-06-14T22:00:16.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, "source": {"advisory": "GHSA-fh99-4pgr-8j99", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": ">= 7.0.0, < 7.6.57"}, {"version_value": ">= 8.0.0, < 8.7.47"}, {"version_value": ">= 9.0.0, < 9.5.34"}, {"version_value": ">= 10.0.0, < 10.4.29"}, {"version_value": ">= 11.0.0, < 11.5.11"}]}, "product_name": "typo3"}]}, "vendor_name": "TYPO3"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99", "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99", "refsource": "CONFIRM"}, {"url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a", "name": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a", "refsource": "MISC"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002", "name": "https://typo3.org/security/advisory/typo3-core-sa-2022-002", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532: Insertion of Sensitive Information into Log File"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-31047", "STATE": "PUBLIC", "TITLE": "Insertion of Sensitive Information into Log File in typo3/cms-core", "ASSIGNER": "security-advisories@github.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-31047", "state": "PUBLISHED", "dateUpdated": "2025-04-23T18:15:57.041Z", "dateReserved": "2022-05-18T00:00:00.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-06-14T20:40:10.000Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*", "matchCriteriaId": "A15251A1-BC05-4C05-AED2-0E2CF75BB054", "versionEndExcluding": "7.6.57", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*", "matchCriteriaId": "CD542E1B-F3BA-4816-B97D-D877EFADA02D", "versionEndExcluding": "8.7.47", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*", "matchCriteriaId": "83732441-A020-4401-A274-067B95354BB6", "versionEndExcluding": "9.5.35", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "272C6A8B-94DB-4A74-BB3A-24CD0486DFA7", "versionEndExcluding": "10.4.29", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "772D645D-5158-416C-BF2C-74E5E43EF1DC", "versionEndExcluding": "11.5.11", "versionStartIncluding": "11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem."}, {"lang": "es", "value": "TYPO3 es un sistema de administraci\u00f3n de contenidos web de c\u00f3digo abierto. En versiones anteriores a 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29 y 11.5.11, las credenciales o claves internas del sistema (por ejemplo, las credenciales de la base de datos) pod\u00edan registrarse como texto plano en los manejadores de excepciones, cuando es registrado el seguimiento completo de la pila de excepciones. TYPO3 versiones 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contienen una correcci\u00f3n del problema"}], "id": "CVE-2022-31047", "lastModified": "2024-11-21T07:03:46.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-14T21:15:16.050", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}