CVE-2024-55891

LOW

TYPO3 < 13.4.3 - Log Information Exposure


Description

TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password was logged in plaintext when the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 version 13.4.3 ELTS, which fixes the problem described. There are no known workarounds for this vulnerability.

Scores

CVSS v3 3.1
EPSS 0.0029
EPSS Percentile 52.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-532
Status published
Products (2)
typo3/cms-install 13.4.2 - 13.4.3 (Packagist)
typo3/typo3 13.4.2
Published Jan 14, 2025
Tracked Since Feb 18, 2026