PT-2020-17363 · Open Source Matters · Joomla!
Published
2020-12-28
·
Updated
2025-04-03
·
CVE-2020-35611
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Joomla! versions 2.5.0 through 3.9.22
Description
An issue was discovered where the global configuration page does not remove secrets from the HTML output, disclosing the current values.
Recommendations
For Joomla! versions 2.5.0 through 3.9.22, update to a version that removes secrets from the HTML output of the global configuration page to prevent disclosure of sensitive information.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Joomla!