First published: Mon Dec 28 2020(Updated: )
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.
Credit: security@joomla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Joomla Joomla\! | >=2.5.0<=3.9.22 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-35611 is a vulnerability discovered in Joomla! versions 2.5.0 through 3.9.22 that exposes secrets in the global configuration page.
CVE-2020-35611 affects Joomla! versions 2.5.0 through 3.9.22, allowing secrets to be disclosed in the HTML output of the global configuration page.
CVE-2020-35611 has a severity score of 7.5, indicating a high level of vulnerability.
To fix CVE-2020-35611, users should update Joomla! to a version beyond 3.9.22, where the vulnerability has been patched.
More information about CVE-2020-35611 can be found in the Joomla! security advisory: https://developer.joomla.org/security-centre/829-20201102-core-disclosure-of-secrets-in-global-configuration-page.html