Search for vulnerabilities
Vulnerability details: VCID-q2ch-qd6x-vqeu
Vulnerability ID VCID-q2ch-qd6x-vqeu
Aliases CVE-2022-31047
GHSA-fh99-4pgr-8j99
Summary Insertion of Sensitive Information into Log File in typo3/cms-core > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace. ### Solution Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above. ### Credits Thanks to Marco Huber who reported this issue and to TYPO3 security member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2022-002](https://typo3.org/security/advisory/typo3-core-sa-2022-002)
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-209 Generation of Error Message Containing Sensitive Information
CWE-532 Insertion of Sensitive Information into Log File
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00485 https://api.first.org/data/v1/epss?cve=CVE-2022-31047
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fh99-4pgr-8j99
cvssv3.1 5.3 https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
cvssv3.1 5.3 https://github.com/TYPO3-CMS/core
generic_textual MODERATE https://github.com/TYPO3-CMS/core
cvssv3.1 5.3 https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
generic_textual MODERATE https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
ssvc Track https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
cvssv3.1 5.3 https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
cvssv3.1_qr MODERATE https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
generic_textual MODERATE https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
ssvc Track https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2022-31047
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-31047
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31047
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-31047
cvssv3.1 5.3 https://typo3.org/security/advisory/typo3-core-sa-2022-002
generic_textual MODERATE https://typo3.org/security/advisory/typo3-core-sa-2022-002
ssvc Track https://typo3.org/security/advisory/typo3-core-sa-2022-002
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-31047
https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
https://github.com/TYPO3-CMS/core
https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
https://nvd.nist.gov/vuln/detail/CVE-2022-31047
https://typo3.org/security/advisory/typo3-core-sa-2022-002
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*
GHSA-fh99-4pgr-8j99 https://github.com/advisories/GHSA-fh99-4pgr-8j99
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/TYPO3-CMS/core
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/ Found at https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/ Found at https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-31047
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-31047
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-31047
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://typo3.org/security/advisory/typo3-core-sa-2022-002
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/ Found at https://typo3.org/security/advisory/typo3-core-sa-2022-002
Exploit Prediction Scoring System (EPSS)
Percentile 0.64308
EPSS Score 0.00485
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:25:44.357152+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-fh99-4pgr-8j99/GHSA-fh99-4pgr-8j99.json 36.1.3