CVE-2022-23798: [20220306] - Core - Inadequate validation of internal URLs
First published: Wed Mar 30 2022(Updated: )
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.
Credit: security@joomla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joomla Joomla\! | >=2.5.0<=3.10.6 | |
| Joomla Joomla\! | >=4.0.0<=4.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Joomla issue?
The vulnerability ID for this Joomla issue is CVE-2022-23798.
What is the severity level of CVE-2022-23798?
The severity level of CVE-2022-23798 is medium.
What is the affected software version range for this vulnerability?
The affected software versions for this vulnerability range from Joomla 2.5.0 to 3.10.6 and from Joomla 4.0.0 to 4.1.0.
What is the CWE number for this vulnerability?
The CWE number for this vulnerability is 601.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Joomla Developer website: https://developer.joomla.org/security-centre/875-20220306-core-inadequate-validation-of-internal-urls.html.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/title
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- vendor/joomla
- canonical/joomla joomla\!
- version/joomla joomla\!/2.5.0
- version/joomla joomla\!/3.10.6
- version/joomla joomla\!/4.0.0
- version/joomla joomla\!/4.1.0