Information disclosure in TYPO3
CVE-2024-55891
TYPO3 is a free and open source Content Management Framework. The install tool password was logged in plaintext when the password hashing mechanism used for the password was incorrect. Users are advised…
EPSS: 0.003 (22.4th percentile).
CVSS v3 metric
CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N.
Affected products
- TYPO3: versions < 13.4.3, 13.4.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
- security-advisories@github.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2024-55891?
- CVE-2024-55891 is a low-severity vulnerability in TYPO3, classified under Insertion of Sensitive Information into Log File. CVSS score: 3.1/10. Published 2025-01-14.
- How severe is CVE-2024-55891?
- Low severity. CVSS v3 base score is 3.1 out of 10.