CVE-2023-23750: 
Joomla vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Joomla! versions 4.0.0 through 4.2.6, identified as CVE-2023-23750. The vulnerability was reported on December 24, 2022, and fixed on January 31, 2023. The issue stems from a missing token check in the handling of post-installation messages (Joomla Advisory).

The vulnerability is classified with a CVSS v3.1 Base Score of 6.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L. The security flaw is categorized as CWE-352 (Cross-Site Request Forgery). The vulnerability specifically affects the post-installation message handling mechanism where a missing security token check enables CSRF attacks (NVD).

The CSRF vulnerability allows attackers to perform unauthorized actions in the context of an authenticated user's session. With a CVSS score indicating low impact across confidentiality, integrity, and availability, the overall severity is considered low to medium (NVD).

The vulnerability was patched in Joomla! version 4.2.7. Users running affected versions (4.0.0-4.2.6) should upgrade to version 4.2.7 or later to mitigate this security risk (Joomla Advisory).