BIT-joomla-2020-35611

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/joomla/BIT-joomla-2020-35611.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-joomla-2020-35611

Aliases

CVE-2020-35611

Published

2025-04-03T14:11:02.105Z

Modified

2025-05-20T10:02:07.006Z

Summary

[20201102] - Core - Disclosure of secrets in Global Configuration page

Details

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.

Database specific

{
    "cpes": [
        "cpe:2.3:a:joomla:joomla!:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

https://developer.joomla.org/security-centre/829-20201102-core-disclosure-of-secrets-in-global-configuration-page.html
https://nvd.nist.gov/vuln/detail/CVE-2020-35611

Affected packages

Bitnami / joomla

Package

Name: joomla
Purl: pkg:bitnami/joomla

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2.5.0

Last affected

3.9.22