CVE-2021-32767

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32767
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32767.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32767
Aliases
Published
2021-07-20T16:15:07Z
Modified
2024-10-12T07:37:29.902373Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.

References

Affected packages

Git / github.com/typo3/typo3.cms

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3.cms
Events

Affected versions

v11.*

v11.0.0
v11.1.0
v11.2.0
v11.3.0