← back
CVE-2020-35611

[20201102] - Core - Disclosure of secrets in Global Configuration page

EPSS 1.3%
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.
Affected products
Joomla! Project · Joomla! CMS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://developer.joomla.org/security-centre/829-20201102-core-disclosure-of-secrets-in-global-configuration-page.html