From f991d2ccf68f67614a9c05a8a274ae9d8a5d3709 Mon Sep 17 00:00:00 2001 From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Tue, 14 Jun 2022 20:39:12 +0000 Subject: [PATCH] Add CVE-2022-31047 for GHSA-fh99-4pgr-8j99 Add CVE-2022-31047 for GHSA-fh99-4pgr-8j99 --- 2022/31xxx/CVE-2022-31047.json | 99 +++++++++++++++++++++++++++++++--- 1 file changed, 93 insertions(+), 6 deletions(-) diff --git a/2022/31xxx/CVE-2022-31047.json b/2022/31xxx/CVE-2022-31047.json index a9ec0928c00..a6a6694c45f 100644 --- a/2022/31xxx/CVE-2022-31047.json +++ b/2022/31xxx/CVE-2022-31047.json @@ -1,18 +1,105 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31047", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Insertion of Sensitive Information into Log File in typo3/cms-core" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "typo3", + "version": { + "version_data": [ + { + "version_value": ">= 7.0.0, < 7.6.57" + }, + { + "version_value": ">= 8.0.0, < 8.7.47" + }, + { + "version_value": ">= 9.0.0, < 9.5.34" + }, + { + "version_value": ">= 10.0.0, < 10.4.29" + }, + { + "version_value": ">= 11.0.0, < 11.5.11" + } + ] + } + } + ] + }, + "vendor_name": "TYPO3" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532: Insertion of Sensitive Information into Log File" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99", + "refsource": "CONFIRM", + "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99" + }, + { + "name": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a", + "refsource": "MISC", + "url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a" + }, + { + "name": "https://typo3.org/security/advisory/typo3-core-sa-2022-002", + "refsource": "MISC", + "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002" + } + ] + }, + "source": { + "advisory": "GHSA-fh99-4pgr-8j99", + "discovery": "UNKNOWN" } } \ No newline at end of file