Description

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.

Remediation

References

CVE-2020-35611

Related Vulnerabilities

OpenSSL Other Vulnerability (CVE-2005-1797)

ATutor Incorrect Authorization Vulnerability (CVE-2019-16114)

MySQL CVE-2012-0120 Vulnerability (CVE-2012-0120)

WordPress Plugin Cookie Information-Free GDPR Consent Solution Cross-Site Scripting (1.5.5)

WordPress Plugin AdRotate-Ad manager & AdSense Ads 'track' Parameter SQL Injection (3.6.5)

Severity

High

Classification

CVE-2020-35611 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities