Lucene search

[email protected]CVE-2023-39974

HistoryAug 17, 2023 - 9:15 p.m.

CVE-2023-39974

2023-08-1721:15:09

CWE-668

CWE-200

[email protected]

web.nvd.nist.gov

cve-2023

vulnerability

acymailing

joomla

sensitive information

unauthorized access

subscribers

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

16.0%

JSON

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.

CPENameOperatorVersion
acymailing:acymailingacymailinglt8.7.0
acymailing:acymailingacymailingeq6.7.0

CPE	Name	Operator	Version
acymailing:acymailing	acymailing	lt	8.7.0
acymailing:acymailing	acymailing	eq	6.7.0

References

extensions.joomla.org/extension/acymailing-starter/

www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

16.0%

JSON

Related for CVE-2023-39974

cvelist1 prion1 osv1