CVE-2022-23795

State: PUBLISHED · Published: 2022-03-30 · Updated: 2026-02-25 · Assigner: Joomla

Description

An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.

CWE

(none)

Affected

Joomla! Project / Joomla! CMS — v=2.5.0-3.10.6 & 4.0.0-4.1.0 [affected]

CVSS

(none)

References

https://developer.joomla.org/security-centre/872-20220303-core-user-row-are-not-bound-to-a-authentication-mechanism.html x_refsource_MISC, vendor-advisory

Source

cvelistV5-main/cves/2022/23xxx/CVE-2022-23795.json