CVE-2022-23802 (GCVE-0-2022-23802)

Vulnerability from cvelistv5 – Published: 2022-05-06 17:55 – Updated: 2026-02-25 05:06
VLAI
Title
Extension - Insecure Permissions within Joomla Guru extensions
Summary
Joomla Guru extension 5.2.5 is affected by insecure permissions. Impact: a remote attacker can obtain sensitive information. Affected component: access to private information and components, with the possibility of viewing other users' information (information disclosure).
Severity
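No CVSS data was provided by the CNA. The NVD enrichment embedded in the record below assigns CVSS 3.1 base score 7.5 (HIGH), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, and CVSS 2.0 base score 5.0 (MEDIUM), vector AV:N/AC:L/Au:N/C:P/I:N/A:N.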
CWE
  • Insecure Permissions (free-text problem type from the CNA; the NVD enrichment in the record below maps it to CWE-276)
Assigner
Joomla
References
URL Tags
https://guru.ijoomla.com/changelog x_refsource_MISC, vendor-advisory
Impacted products
Vendor Product Version
ijoomla.com Guru Affected: 5.2.5
Date Public
2022-05-06 00:00
Credits
Rafael García Lázaro

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:45.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://guru.ijoomla.com/changelog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Guru",
          "vendor": "ijoomla.com",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Rafael Garc\u00eda L\u00e1zaro"
        }
      ],
      "datePublic": "2022-05-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users\u0027 information. Information disclosure Access to private information and components, possibility to view other users\u0027 information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Permissions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T05:06:03.638Z",
        "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
        "shortName": "Joomla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC",
            "vendor-advisory"
          ],
          "url": "https://guru.ijoomla.com/changelog"
        }
      ],
      "title": "Extension - Insecure Permissions within Joomla Guru extensions",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@joomla.org",
          "DATE_PUBLIC": "2022-05-06T18:00:00",
          "ID": "CVE-2022-23802",
          "STATE": "PUBLIC",
          "TITLE": "Extension - Insecure Permissions within Joomla Guru extensions"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Guru",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.2.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ijoomla.com"
              }
            ]
          }
        },
        "credit": "Rafael Garc\u00eda L\u00e1zaro",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users\u0027 information. Information disclosure Access to private information and components, possibility to view other users\u0027 information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://guru.ijoomla.com/changelog",
              "refsource": "MISC",
              "url": "https://guru.ijoomla.com/changelog"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
    "assignerShortName": "Joomla",
    "cveId": "CVE-2022-23802",
    "datePublished": "2022-05-06T17:55:11.006Z",
    "dateReserved": "2022-01-20T00:00:00.000Z",
    "dateUpdated": "2026-02-25T05:06:03.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-23802",
      "date": "2026-05-29",
      "epss": "0.00406",
      "percentile": "0.61333"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ijoomla:guru:5.2.5:*:*:*:*:joomla\\\\!:*:*\", \"matchCriteriaId\": \"D6913295-98AF-4FFF-8D41-A7B7F823AE03\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users\u0027 information. Information disclosure Access to private information and components, possibility to view other users\u0027 information.\"}, {\"lang\": \"es\", \"value\": \"Joomla Guru extension versi\\u00f3n 5.2.5, est\\u00e1 afectada por: Permisos no Seguros. El impacto es: obtenci\\u00f3n de informaci\\u00f3n confidencial (remota). El componente es: Acceso a informaci\\u00f3n y componentes privados, posibilidad de visualizar informaci\\u00f3n de otros usuarios. Revelaci\\u00f3n de informaci\\u00f3n Acceso a informaci\\u00f3n y componentes privados, posibilidad de visualizar informaci\\u00f3n de otros usuarios\"}]",
      "id": "CVE-2022-23802",
      "lastModified": "2024-11-21T06:49:16.970",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-05-06T18:15:09.487",
      "references": "[{\"url\": \"https://guru.ijoomla.com/changelog\", \"source\": \"security@joomla.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://guru.ijoomla.com/changelog\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@joomla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-23802\",\"sourceIdentifier\":\"security@joomla.org\",\"published\":\"2022-05-06T18:15:09.487\",\"lastModified\":\"2024-11-21T06:49:16.970\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users\u0027 information. Information disclosure Access to private information and components, possibility to view other users\u0027 information.\"},{\"lang\":\"es\",\"value\":\"Joomla Guru extension versi\u00f3n 5.2.5, est\u00e1 afectada por: Permisos no Seguros. El impacto es: obtenci\u00f3n de informaci\u00f3n confidencial (remota). El componente es: Acceso a informaci\u00f3n y componentes privados, posibilidad de visualizar informaci\u00f3n de otros usuarios. Revelaci\u00f3n de informaci\u00f3n Acceso a informaci\u00f3n y componentes privados, posibilidad de visualizar informaci\u00f3n de otros 
usuarios\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ijoomla:guru:5.2.5:*:*:*:*:joomla\\\\!:*:*\",\"matchCriteriaId\":\"D6913295-98AF-4FFF-8D41-A7B7F823AE03\"}]}]}],\"references\":[{\"url\":\"https://guru.ijoomla.com/changelog\",\"source\":\"security@joomla.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://guru.ijoomla.com/changelog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}



Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.
