CVE-2024-55891 — LOW (3.1) — White Hats Nepal

Vulnerability Description

TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability.

CVSS Score

3.1

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Typo3	Typo3	13.4.2

Related Weaknesses (CWE)

CWE-532

References

https://github.com/TYPO3/typo3/security/advisories/GHSA-38x7-cc6w-j27qVendor Advisory
https://typo3.org/security/advisory/typo3-core-sa-2025-001Vendor Advisory

FAQ

What is CVE-2024-55891?

CVE-2024-55891 is a vulnerability with a CVSS score of 3.1 (LOW). TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the pas...

How severe is CVE-2024-55891?

CVE-2024-55891 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-55891?

Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3.