CVE-2024-29291
Published 2024-04-16
CVE-2024-29291: An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed…
PriorityP179
ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 1.34% (67.8th percentile)
An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.
Detection & IOCs
- Search for the string "PDO->__construct('mysql:host=" in publicly accessible Laravel log files to identify exposed database credentials.
- Monitor HTTP GET requests to the path 'storage/logs/laravel.log' on Laravel-based web applications, as unauthenticated access to this file may indicate exploitation attempts.
- This vulnerability is disputed; it only manifests when debug logging is enabled AND access controls on the log file are not properly configured by the Laravel installation owner.
- Credential leakage in the log occurs specifically when a PDO database connection exception is thrown and debug-level stack traces are written to the log, exposing the constructor arguments including username and password.
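The two indicators above can be checked together, as in this added example (not from the advisory sources or from Laravel). It assumes the web server writes common/combined-format access logs; the function names and all sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Both indicators come from the page; everything else here is an assumption.
LOG_PATH_SUFFIX = "storage/logs/laravel.log"
PDO_MARKER = "PDO->__construct('mysql:host="

# Assumed access-log layout: ip - - [ts] "METHOD target PROTO" status size ...
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_log_fetches(access_lines):
    """Return (ip, status, served) for each GET that targets laravel.log."""
    hits = []
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if not m or m.group(2).upper() != "GET":
            continue
        # Drop the query string, decode percent-encoding, collapse slashes.
        path = unquote(m.group(3).split("?", 1)[0]).lower()
        path = re.sub(r"/+", "/", path).rstrip("/")
        if path.endswith(LOG_PATH_SUFFIX):
            status = int(m.group(4))
            # 200/206 means the server actually returned log content.
            hits.append((m.group(1), status, status in (200, 206)))
    return hits

def find_pdo_traces(log_text):
    """Return 1-based line numbers of stack frames carrying PDO constructor args."""
    return [n for n, line in enumerate(log_text.splitlines(), 1) if PDO_MARKER in line]

# Constructed sample data (documentation IP ranges, placeholder credentials).
SAMPLE_ACCESS = [
    '203.0.113.7 - - [16/Apr/2024:10:00:01 +0000] "GET /storage/logs/laravel.log HTTP/1.1" 200 48213 "-" "curl/8.0"',
    '203.0.113.7 - - [16/Apr/2024:10:00:02 +0000] "GET /storage/logs/laravel.log HTTP/1.1" 403 153 "-" "curl/8.0"',
    '198.51.100.9 - - [16/Apr/2024:10:00:05 +0000] "GET /storage%2Flogs/Laravel.log?x=1 HTTP/1.1" 200 48213 "-" "-"',
    '192.0.2.4 - - [16/Apr/2024:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
]
SAMPLE_LARAVEL_LOG = """[2024-04-16 10:00:00] local.ERROR: SQLSTATE[HY000] [2002] Connection refused
#0 /app/vendor/.../Connector.php(70): PDO->__construct('mysql:host=db;po...', 'EXAMPLE_USER', 'EXAMPLE_PASS', Array)
#1 /app/vendor/.../Connector.php(46): createPdoConnection()
"""

if __name__ == "__main__":
    for ip, status, served in find_log_fetches(SAMPLE_ACCESS):
        print(f"{ip} status={status} {'LOG SERVED' if served else 'blocked'}")
    print("credential-bearing frames at lines:", find_pdo_traces(SAMPLE_LARAVEL_LOG))
```

A served (200/206) fetch combined with any hit from `find_pdo_traces` on the same host's log means the database credentials should be treated as disclosed and rotated.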
GHSA
GHSA-g8vg-q9j5-3vf5 (ghsa_unreviewed, 2024-04-17)
CVE-2024-29291, CWE-200
An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log.
VulnCheck
Laravel Laravel Framework Exposure of Sensitive Information to an Unauthorized Actor
vulncheck·2024
Affected: Laravel Laravel Framework
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://info.greynoise.io/hubfs/resources/GreyNoise-2025-Mass-Internet-Exploitation-Report.pdf; https://api.vulncheck.com/v3/index
No detection rules found.
No writeups or analysis indexed.
Published: 2024-04-16
Exploited in the wild