Description

Certain Joomla! Core 4.x versions are vulnerable to an authentication bypass vulnerability that allows unauthenticated users to access sensitive information about Joomla! Installation. It affects Joomla versions 4.0.0 to 4.2.7, the patch was released in version 4.2.8.

Remediation

Upgrade to Joomla! version 4.2.8.

References

Core - Improper access check in webservice endpoints

CVE-2023-23752: Joomla Authentication Bypass Vulnerability

Related Vulnerabilities

WordPress Plugin All-in-One WP Migration Information Disclosure (7.0)

Atlassian Confluence information disclosure

WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.9)

WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)

SharePoint exposed web services

Severity

Medium

Classification

CVE-2023-23752 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Authentication Bypass