CVE-2020-35611

State: PUBLISHED · Published: 2020-12-28 · Updated: 2026-02-24 · Assigner: Joomla

Description

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.

CWE

(none)

Affected

Joomla! Project / Joomla! CMS — v=2.5.0-3.9.22 [affected]

CVSS

(none)

References

https://developer.joomla.org/security-centre/829-20201102-core-disclosure-of-secrets-in-global-configuration-page.html x_refsource_MISC, vendor-advisory

Source

cvelistV5-main/cves/2020/35xxx/CVE-2020-35611.json