[20201101] – Core – com_finder ignores access levels on autosuggest

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 2.5.0-3.9.22
  • Exploit type: Information Disclosure
  • Reported Date: 2020-06-21
  • Fixed Date: 2020-11-24
  • CVE Number: CVE-2020-xxx (TBA)

Description

The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.

Affected Installs

Joomla! CMS versions 2.5.0 - 3.9.22

Solution

Upgrade to version 3.9.23

Contact

The JSST at the Joomla! Security Centre.

Reported By:  Phil Taylor

Leave a Comment