Armis Vulnerability Intelligence Database

Description Preview

CVE-2020-35611 affects Joomla! versions 2.5.0 through 3.9.22. The vulnerability allows unauthorized disclosure of sensitive information as the global configuration page fails to properly remove secrets from the HTML output, potentially exposing configuration secrets to users with access to this page.

Overview

This vulnerability (CWE-200: Information Exposure) exists in Joomla's global configuration page where sensitive information such as API keys, passwords, or other configuration secrets are not properly masked or removed from the HTML output. When administrators access the global configuration page, these secrets are embedded in the page source, potentially exposing them to anyone who can view the page source or intercept the HTTP response. This could lead to unauthorized access to connected services, data breaches, or further system compromise if these secrets are obtained by malicious actors.

Remediation

Update Joomla! to version 3.9.23 or later which contains the fix for this vulnerability.
If immediate update is not possible, restrict access to the administrator area and specifically the global configuration page to only trusted administrators.
Consider changing any secrets that may have been exposed, including API keys, database credentials, and other sensitive configuration values.
Implement additional security layers such as IP restrictions for administrative access and two-factor authentication for administrator accounts.
Regularly audit your Joomla installation for security updates and apply them promptly.

References

Joomla Security Centre Advisory: https://developer.joomla.org/security-centre/829-20201102-core-disclosure-of-secrets-in-global-configuration-page.html
Common Weakness Enumeration: CWE-200 (Information Exposure) - https://cwe.mitre.org/data/definitions/200.html
Joomla Security Release: https://www.joomla.org/announcements/release-news/5813-joomla-3-9-23-release.html

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Manufacturing
Manufacturing
Accommodation & Food Services
Accommodation & Food Services
Administrative, Support, Waste Management & Remediation Services
Administrative, Support, Waste Management & Remediation Services
Agriculture, Forestry Fishing & Hunting
Agriculture, Forestry Fishing & Hunting
Arts, Entertainment & Recreation
Arts, Entertainment & Recreation
Construction
Construction
Educational Services
Educational Services
Finance and Insurance
Finance and Insurance
Health Care & Social Assistance
Health Care & Social Assistance
Information
Information
Management of Companies & Enterprises
Management of Companies & Enterprises
Mining
Mining
Other Services (except Public Administration)
Other Services (except Public Administration)
Professional, Scientific, & Technical Services
Professional, Scientific, & Technical Services
Public Administration
Public Administration
Real Estate Rental & Leasing
Real Estate Rental & Leasing
Retail Trade
Retail Trade
Transportation & Warehousing
Transportation & Warehousing
Utilities
Utilities
Wholesale Trade
Wholesale Trade

^{CVE-2020-35611:}Joomla Global Configuration Page Information Disclosure Vulnerability

Description Preview

Overview

Remediation

References

Focus on What Matters

Let's talk!