Description

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.

Remediation

References

CVE-2020-35611

Related Vulnerabilities

WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (4.15.42)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-1000355)

WordPress Plugin VikRentCar Car Rental Management System Cross-Site Request Forgery (1.1.6)

WordPress Plugin Free Responsive Post/Article Author Section for WordPress-Ultimate Author Box Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.2)

WordPress Plugin Mapplic-Custom Interactive Map Server-Side Request Forgery (6.1)

Severity

High

Classification

CVE-2020-35611 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities