[20201106] - Core - CSRF in com_privacy emailexport feature

CVE-2020-35615
6.3MEDIUM

Key Information

Vendor
Joomla
Status
Joomla! Cms
Vendor
CVE Published:
28 December 2020

Summary

An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.

Affected Version(s)

Joomla! CMS = 2.5.0-3.9.22

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.