What is the CVSS score of CVE-2024-55891?

CVE-2024-55891 has a CVSS 3.1 base score of 3.1 (Low). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.3%.

Which versions of Typo3 are affected by CVE-2024-55891?

CVE-2024-55891 is a low-severity vulnerability in TYPO3 involving log exposure (CVSS 3.1).. A patch is available.

How to fix or mitigate CVE-2024-55891?

During next maintenance window: Apply vendor patches when convenient. Verify log exposure controls are in place.

Typo3 CVE-2024-55891

LOW

Insertion of Sensitive Information into Log File (CWE-532)

2025-01-14 security-advisories@github.com

Information Disclosure Typo3

3.1

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

3.1 LOW

AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:03 vuln.today

CVE Published

Jan 14, 2025 - 20:15 nvd

LOW 3.1

DescriptionGitHub Advisory

TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability.

AnalysisAI

TYPO3 is a free and open source Content Management Framework. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-532. TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability. Affected products include: Typo3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-55891 vulnerability details – vuln.today

Back

Typo3 CVE-2024-55891

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code