Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-55891

TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability.

Published

2025-01-14T20:15:28.773

Last Modified

2025-08-26T18:52:53.197

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.1 (LOW)

Weaknesses

Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	typo3	typo3	13.4.2	Yes

References

https://github.com/TYPO3/typo3/security/advisories/GHSA-38x7-cc6w-j27q Vendor Advisory ([email protected])
https://typo3.org/security/advisory/typo3-core-sa-2025-001 Vendor Advisory ([email protected])