Lucene search

[email protected]CVE-2023-39974

HistoryAug 17, 2023 - 9:15 p.m.

CVE-2023-39974

2023-08-1721:15:09

CWE-200

CWE-668

[email protected]

web.nvd.nist.gov

cve-2023

vulnerability

acymailing

joomla

sensitive information

unauthorized access

subscribers

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.

Affected configurations

NVD

Node

acymailingacymailingRange6.7.0–8.7.0enterprisejoomla\!

CPENameOperatorVersion
acymailing:acymailingacymailinglt8.7.0

CPE	Name	Operator	Version
acymailing:acymailing	acymailing	lt	8.7.0

CNA Affected

[
  {
    "collectionURL": "https://extensions.joomla.org/extension/acymailing-starter/",
    "defaultStatus": "unaffected",
    "packageName": "com_acymailing",
    "product": "AcyMailing Enterprise component for Joomla",
    "vendor": "acymailing.com",
    "versions": [
      {
        "status": "affected",
        "version": "6.7.0-8.6.3"
      }
    ]
  }
]

References

extensions.joomla.org/extension/acymailing-starter/

www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2023-39974

prion1 nvd1 cvelist1 osv1