Description

Certain Joomla! Core 4.x versions are vulnerable to an authentication bypass vulnerability that allows unauthenticated users to access sensitive information about Joomla! Installation. It affects Joomla versions 4.0.0 to 4.2.7, the patch was released in version 4.2.8.

Remediation

Upgrade to Joomla! version 4.2.8.

References

Core - Improper access check in webservice endpoints

CVE-2023-23752: Joomla Authentication Bypass Vulnerability

Related Vulnerabilities

WordPress Plugin WP Affiliate Disclosure Security Bypass (1.1.3)

WordPress Plugin AccessAlly Information Disclosure (3.5.6)

WordPress Plugin Advanced Custom Fields (ACF) Information Disclosure (6.0.2)

WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.5)

Version Disclosure (PHP)

Severity

Medium

Classification

CVE-2023-23752 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Authentication Bypass