CVE-2022-23794: Path Disclosure within joomla/filesystem class
An issue was discovered in Joomla! 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0. Uploading a file with an excessively long name triggers an error, and the resulting error screen discloses the path of the web application's source code.
References
- developer.joomla.org/security-centre/871-20220302-core-path-disclosure-within-filesystem-error-messages.html
- github.com/FriendsOfPHP/security-advisories/blob/master/joomla/filesystem/CVE-2022-23794.yaml
- github.com/advisories/GHSA-rc8q-45v8-x6xc
- github.com/joomla-framework/filesystem
- nvd.nist.gov/vuln/detail/CVE-2022-23794