We found results for “”
WS-2023-0063
Good to know:
Date: February 15, 2023
An unauthorized Rest Api owned by Joomla was discovered in joomla/joomla-cms. It needs to provide authentication information when accessing, but if public is added to the request parameters when accessing the API, then any unauthenticated user can directly access. The issue is resolved in 4.2.8.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE-497Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |