What is the severity of CVE-2024-29291?

CVE-2024-29291 is considered a moderate severity vulnerability due to the potential for remote attackers to access sensitive database credentials.

How do I fix CVE-2024-29291?

To fix CVE-2024-29291, ensure that your Laravel version is upgraded to the latest release beyond version 11 and avoid enabling debugging logs in production.

Who is affected by CVE-2024-29291?

CVE-2024-29291 affects all users of Laravel Framework versions 8 through 11 who have debugging logs enabled.

Can CVE-2024-29291 be exploited remotely?

Yes, CVE-2024-29291 can be exploited remotely if the Laravel logs are improperly configured to be accessible.

What is the potential impact of CVE-2024-29291?

The potential impact of CVE-2024-29291 includes exposure of sensitive database credentials, which can lead to unauthorized access to the database.

Vulnerability/
CVE-2024-29291

Exploited

CWE

200

16/4/2024

2/8/2024

CVE-2024-29291: Laravel Framework 11 - Credential Leakage

First published: Tue Apr 16 2024(Updated: )

An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.

Credit: cve@mitre.org Huseein Amer

Affected Software	Affected Version	How to fix
Laravel	>=8<11

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-29291?
CVE-2024-29291 is considered a moderate severity vulnerability due to the potential for remote attackers to access sensitive database credentials.
How do I fix CVE-2024-29291?
To fix CVE-2024-29291, ensure that your Laravel version is upgraded to the latest release beyond version 11 and avoid enabling debugging logs in production.
Who is affected by CVE-2024-29291?
CVE-2024-29291 affects all users of Laravel Framework versions 8 through 11 who have debugging logs enabled.
Can CVE-2024-29291 be exploited remotely?
Yes, CVE-2024-29291 can be exploited remotely if the Laravel logs are improperly configured to be accessible.
What is the potential impact of CVE-2024-29291?
The potential impact of CVE-2024-29291 includes exposure of sensitive database credentials, which can lead to unauthorized access to the database.

agent/severity
agent/type
agent/first-publish-date
agent/references
agent/author
agent/description
agent/weakness
agent/event
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/last-modified-date
collector/exploitdb-recent
source/ExploitDB
anchor-exploit/CVE-2024-29291
exploited/true
agent/title
agent/source
agent/softwarecombine
agent/trending
agent/exploited
proof-of-concept/true
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/laravel
canonical/laravel

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.