Vulnerability Description
An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.
Related Weaknesses (CWE)
References
- https://gist.github.com/whiteman007/43bd7fa1fa0e47554b33f0cf93066784
- https://gist.github.com/whiteman007/43bd7fa1fa0e47554b33f0cf93066784
FAQ
What is CVE-2024-29291?
CVE-2024-29291 is a documented vulnerability. An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owne...
How severe is CVE-2024-29291?
CVSS scoring is not yet available for CVE-2024-29291. Check NVD for updates.
Is there a patch for CVE-2024-29291?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.