logo

Database

Sensitive data stored in client-side storage In typo3/cms-core

Description

TYPO3 Information Disclosure in User Authentication It has been discovered that login failures have been logged on the default stream with log level "warning" including plain-text user credentials.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-wj85-rg5g-v8jm

References

1. https://github.com/TYPO3-CMS/core/commit/ac0565b7a539398a07adf21f04f85cd2574817d22. https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-05-07-5.yaml3. https://typo3.org/security/advisory/typo3-core-sa-2019-010

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.