CVE-2023-23752: Unauthorized Access Webservice Endpoint Exploit in Joomla! 4.. to 4.2.7

A critical vulnerability has been discovered in the popular content management system (CMS) Joomla! versions 4.. through 4.2.7. This vulnerability, assigned the identifier CVE-2023-23752, allows for improper access checks and grants unauthorized access to webservice endpoints. This can lead to potentially serious security breaches and unauthorized data manipulation within the affected website.

Exploit Details

The vulnerability in Joomla! allows malicious actors to gain unauthorized access to the webservice endpoints by bypassing the normal access control mechanism. This is possible because of a flaw in the way Joomla! validates the permissions of the user making the API request. As a result, attackers can gain access to sensitive information, carry out actions on behalf of other users, and even modify application data.

Here's a code snippet illustrating the vulnerable part of the code in Joomla!

public function getApiToken()
{
  $user = Factory::getUser();
  $webserviceToken = $user->getParam('api_token', '');

  if (empty($webserviceToken))
  {
    // ... 
  }

  return $webserviceToken;
}

This function retrieves the API token for a user. However, it does not perform any access checks to ensure that the user has the necessary permissions to access the webservice. Consequently, it is possible for attackers to exploit this vulnerability and make unauthorized requests using the API token.

Original References

The vulnerability was first reported through the official Joomla! Issue Tracker as issue #35410 by security researcher. Joomla! developers quickly acknowledged the vulnerability and released a patch to address the issue in Joomla! version 4.2.8.

The official Joomla! Security Centre has published a security announcement for this vulnerability, providing details on the affected versions, attacker exploitation methods and mitigation steps to be taken.

Mitigation and Remediation

The Joomla! development team has issued a patch for the vulnerability in Joomla! version 4.2.8. All users are urged to update their Joomla! installations to this version or newer as soon as possible.

To update your Joomla! installation, you can follow the steps provided in the official Joomla! Documentation. Please ensure to take a full backup of your site before updating to prevent any data loss or potential issues during the update process.

Conclusion

This newly discovered Joomla! vulnerability (CVE-2023-23752) highlights the importance of keeping your website's CMS updated with the latest patches and security fixes. By following security best practices and promptly addressing known vulnerabilities, website owners and administrators can help protect their websites from unauthorized access and potential data breaches.

Timeline

Published on: 02/16/2023 17:15:00 UTC
Last modified on: 02/24/2023 16:17:00 UTC