Lucene search

[email protected]NVD:CVE-2022-23802

HistoryMay 06, 2022 - 6:15 p.m.

CVE-2022-23802

2022-05-0618:15:09

CWE-276

[email protected]

web.nvd.nist.gov

joomla guru insecure permissions sensitive information information disclosure access private components users

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

51.4%

JSON

Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users’ information. Information disclosure Access to private information and components, possibility to view other users’ information.

Affected configurations

Nvd

Node

ijoomlaguruMatch5.2.5joomla\!

VendorProductVersionCPE
ijoomlaguru5.2.5cpe:2.3:a:ijoomla:guru:5.2.5:*:*:*:*:joomla\!:*:*

Vendor	Product	Version	CPE
ijoomla	guru	5.2.5	cpe:2.3:a:ijoomla:guru:5.2.5:::::joomla\!::

References

guru.ijoomla.com/changelog

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

51.4%

JSON

Related for NVD:CVE-2022-23802

prion1 cvelist1 cve1