Home > Vulnerability Database > CVE-2024-55891

Mend.io Vulnerability Database

CVE-2024-55891

Good to know:

Date: January 14, 2025

TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability.

Severity Score

3.1

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-55891

Url: https://github.com/TYPO3-CMS/install

Url: https://typo3.org/security/advisory/typo3-core-sa-2025-001

Url: https://github.com/TYPO3/typo3/security/advisories/GHSA-38x7-cc6w-j27q

Url: https://github.com/TYPO3-CMS/install/commit/baa8089b1baf5552fab213a5761081608b0afc51

Url: https://www.mend.io/vulnerability-database/CVE-2024-55891

Severity Score

3.1

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Top Fix

Upgrade Version

Upgrade to version typo3/cms-install - v13.4.3;typo3/cms - dev-l10n_main;typo3/cms - v13.4.3

Learn More

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-55891

Good to know:

Date: January 14, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?