[20231101] – Core – Exposure of environment variables

Joomla Security Advisory

  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: High
  • Probability: Low
  • Versions: 1.6.0-4.4.0, 5.0.0
  • Exploit type: Information Disclosure
  • Reported Date: 2023-07-14
  • Fixed Date: 2023-11-21
  • CVE Number: CVE-2023-40626

Description

The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.

Affected Installs

Joomla! CMS versions 1.6.0-4.4.0, 5.0.0

Solution

Upgrade to version 3.10.14-elts, 4.4.1 or 5.0.1

Contact

The JSST at the Joomla! Security Centre.

READ MORE