cvebase
CVE-2024-29291
published 2024-04-16

Priority: P179
Exploited in the wild (VulnCheck KEV)
EPSS: 1.34% (67.8th percentile)
An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.

Detection & IOCs (extracted from sources)

Paths:
  • storage/logs/laravel.log
  • /vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php

Notes:
  • Search for the string 'PDO->__construct('mysql:host=' in publicly accessible Laravel log files to identify exposed database credentials.
  • Monitor HTTP GET requests to the path 'storage/logs/laravel.log' on Laravel-based web applications, as unauthenticated access to this file may indicate exploitation attempts.
  • This vulnerability is disputed; it only manifests when debug logging is enabled AND access controls on the log file are not properly configured by the Laravel installation owner.
  • Credential leakage in the log occurs specifically when a PDO database connection exception is thrown and debug-level stack traces are written to the log, exposing the constructor arguments including username and password.
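As an added example (not from cvebase or the CVE sources), the two detection checks above run over constructed sample log lines: requests for storage/logs/laravel.log are pulled from a combined-format web-server access log, with 2xx responses marked as actual exposure, and PDO connection-failure traces are located in a laravel.log excerpt with their arguments redacted so the finding does not copy the secret. All log lines, IP addresses and credential values are constructed placeholders.

```python
import re

# Constructed sample access log lines (combined log format); not real traffic.
ACCESS_LOG = """\
203.0.113.5 - - [16/Apr/2024:10:01:02 +0000] "GET /storage/logs/laravel.log HTTP/1.1" 200 48213 "-" "curl/8.4.0"
203.0.113.7 - - [16/Apr/2024:10:01:09 +0000] "GET /storage/logs/laravel.log HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.2 - - [16/Apr/2024:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Apr/2024:10:03:44 +0000] "GET /storage/logs/laravel.log?x=1 HTTP/1.1" 403 199 "-" "python-requests/2.31"
"""

# Constructed laravel.log excerpt with a PDO connection failure trace; the password is a placeholder.
LARAVEL_LOG = """\
[2024-04-16 10:00:00] local.ERROR: SQLSTATE[HY000] [1045] Access denied for user 'app'@'10.0.0.5'
#0 /vendor/laravel/framework/src/Illuminate/Database/Connectors/Connector.php(70): PDO->__construct('mysql:host=db;dbname=app', 'app', 'S3cretPassw0rd', Array)
[2024-04-16 10:05:00] local.INFO: User logged in
"""

ACCESS_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
LOG_PATH = "/storage/logs/laravel.log"
PDO_MARKER = "PDO->__construct('mysql:host="


def find_log_access(access_log: str) -> list[dict]:
    """One finding per request for the Laravel log file; a 2xx response means the file was served."""
    findings = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if path.rstrip("/").endswith(LOG_PATH):
            status = int(m.group("status"))
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"), "status": status,
                             "exposed": 200 <= status < 300})
    return findings


def find_credential_leak(laravel_log: str) -> list[str]:
    """Trace lines where PDO constructor arguments (DSN, user, password) were written to the log, redacted."""
    hits = []
    for line in laravel_log.splitlines():
        if PDO_MARKER in line:
            # Replace the whole argument list so the finding itself does not re-leak the credentials.
            hits.append(re.sub(r"PDO->__construct\((.*)\)", "PDO->__construct([arguments redacted])", line))
    return hits


if __name__ == "__main__":
    for f in find_log_access(ACCESS_LOG):
        print(("EXPOSED " if f["exposed"] else "probe   ") + f"{f['ip']} {f['ts']} status={f['status']}")
    for h in find_credential_leak(LARAVEL_LOG):
        print("LEAK    " + h)
```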