Description

Certain Joomla! Core 4.x versions are vulnerable to an authentication bypass vulnerability that allows unauthenticated users to access sensitive information about Joomla! Installation. It affects Joomla versions 4.0.0 to 4.2.7, the patch was released in version 4.2.8.

Remediation

Upgrade to Joomla! version 4.2.8.

References

Core - Improper access check in webservice endpoints

CVE-2023-23752: Joomla Authentication Bypass Vulnerability

Related Vulnerabilities

Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)

WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)

WordPress Plugin wp superb Slideshow Information Disclosure (2.4)

Stack Trace Disclosure (Laravel)

WordPress Plugin Visual Link Preview Security Bypass (2.2.2)

Severity

Medium

Classification

CVE-2023-23752 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Authentication Bypass