[20221001] - Core - Disclosure of critical information in debug mode

Project: Joomla!
SubProject: CMS
Impact: Critical
Severity: Low
Probability: Low
Versions: 4.0.0-4.2.3
Exploit type: Information Disclosure
Reported Date: 2022-10-13
Fixed Date: 2022-10-25
CVE Number: CVE-2022-27912

Description

Joomla 4 sites with publicly enabled debug mode exposed data of previous requests.

Affected Installs

Joomla! CMS versions 4.0.0-4.2.3

Solution

Upgrade to version 4.2.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Peter Martin