Security

  2. Home
  3. News
  4. Security Announcements

Security Announcements

  1. [20210801] - Core - Insufficient access control for com_media deletion endpoint

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: High
    • Versions:4.0.0
    • Exploit type: Incorrect Access Control
    • Reported Date: 2021-08-20
    • Fixed Date: 2021-08-24
    • CVE Number: CVE-2021-26040

    Description

    The media manager does not correctly check the user's permissions before executing a file deletion command.

    Affected Installs

    Joomla! CMS versions 4.0.0

    Solution

    Upgrade to version 4.0.1

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Maverick

  2. [20210705] - Core - XSS in com_media imagelist

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions:3.0.0 - 3.9.27
    • Exploit type: XSS
    • Reported Date: 2021-06-22
    • Fixed Date: 2021-07-06
    • CVE Number: CVE-2021-26039

    Description

    Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.27

    Solution

    Upgrade to version 3.9.28

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Hagai Wechsler / WhiteSourceSoftware

  3. [20210704] - Core - Privilege escalation through com_installer

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions:2.5.0 - 3.9.27
    • Exploit type: Incorrect Access Control
    • Reported Date: 2021-06-06
    • Fixed Date: 2021-07-06
    • CVE Number: CVE-2021-26038

    Description

    Install action in com_installer lack the required hardcoded ACL checks for superusers, leading to various potential attack vectors. A default system is not affected cause by default com_installer is limited to super users already.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.27

    Solution

    Upgrade to version 3.9.28

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Nicholas Dionysopoulos

  4. [20210703] - Core - Lack of enforced session termination

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions:2.5.0 - 3.9.27
    • Exploit type: Incorrect Session Handling
    • Reported Date: 2019-02-08
    • Fixed Date: 2021-07-06
    • CVE Number: CVE-2021-26037

    Description

    Various CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.27

    Solution

    Upgrade to version 3.9.28

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Carsten Schmitz, Atik Islam, Dennis Hermatski, Muhammad Hussain, th3lawbreaker, Hoang Kien

  5. [20210702] - Core - DoS through usergroup table manipulation

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions:2.5.0 - 3.9.27
    • Exploit type: DoS
    • Reported Date: 2021-06-08
    • Fixed Date: 2021-07-06
    • CVE Number: CVE-2021-26036

    Description

    Missing validation of input could lead to a broken usergroups table.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.27

    Solution

    Upgrade to version 3.9.28

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC

  6. [20210701] - Core - XSS in JForm Rules field

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions:3.0.0 - 3.9.27
    • Exploit type: XSS
    • Reported Date: 2021-05-29
    • Fixed Date: 2021-07-06
    • CVE Number: CVE-2021-26035

    Description

    Inadequate escaping in the Rules field of the JForm API leads to a XSS vulnerability.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.27

    Solution

    Upgrade to version 3.9.28

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Hoang Nguyen

  7. [20210503] - Core - CSRF in data download endpoints

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions:3.0.0 - 3.9.26
    • Exploit type: CSRF
    • Reported Date: 2021-05-07
    • Fixed Date: 2021-05-25
    • CVE Number: CVE-2021-26034

    Description

    A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.26

    Solution

    Upgrade to version 3.9.27

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Phil Taylor

  8. [20210502] - Core - CSRF in AJAX reordering endpoint

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions:3.0.0 - 3.9.26
    • Exploit type: CSRF
    • Reported Date: 2021-05-07
    • Fixed Date: 2021-05-25
    • CVE Number: CVE-2021-26033

    Description

    A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.26

    Solution

    Upgrade to version 3.9.27

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Phil Taylor

  9. [20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions:3.0.0 - 3.9.26
    • Exploit type: XSS
    • Reported Date: 2021-03-05
    • Fixed Date: 2021-05-25
    • CVE Number: CVE-2021-26032

    Description

    HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.26

    Solution

    Upgrade to version 3.9.27

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Adrian Tiron, Fortbridge

  10. [20210402] - Core - Inadequate filters on module layout settings

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions:3.0.0 - 3.9.25
    • Exploit type: LFI
    • Reported Date: 2021-01-03
    • Fixed Date: 2021-04-13
    • CVE Number: CVE-2021-26031

    Description

    Inadequate filters on module layout settings could lead to an LFI.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.25

    Solution

    Upgrade to version 3.9.26

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Lee Thao from Viettel Cyber Security