Security

  2. Home
  3. News
  4. Security Announcements

Security Announcements

  1. [20230502] - Core - Bruteforce prevention within the mfa screen

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Critical
    • Severity: Moderate
    • Probability: Low
    • Versions:4.2.0-4.3.1
    • Exploit type: Lack of rate limiting
    • Reported Date: 2023-04-29
    • Fixed Date: 2023-05-30
    • CVE Number: CVE-2023-23755

    Description

    The lack of rate limiting allows brute force attacks against MFA methods.

    Affected Installs

    Joomla! CMS versions 4.2.0-4.3.1

    Solution

    Upgrade to version 4.3.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Phil Taylor

  2. [20230501] - Core - Open Redirects and XSS within the mfa selection

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Probability: Low
    • Versions:4.2.0-4.3.1
    • Exploit type: Open Redirect / XSS
    • Reported Date: 2023-02-28
    • Fixed Date: 2023-05-28
    • CVE Number: CVE-2023-23754

    Description

    Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.

    Affected Installs

    Joomla! CMS versions 4.2.0-4.3.1

    Solution

    Upgrade to version 4.3.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Srpopty from huntr.dev

  3. [20230201] - Core - Improper access check in webservice endpoints

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Critical
    • Severity: High
    • Probability: High
    • Versions:4.0.0-4.2.7
    • Exploit type: Incorrect Access Control
    • Reported Date: 2023-02-13
    • Fixed Date: 2023-02-16
    • CVE Number: CVE-2023-23752

    Description

    An improper access check allows unauthorized access to webservice endpoints.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.2.7

    Solution

    Upgrade to version 4.2.8

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Zewei Zhang from NSFOCUS TIANJI Lab

  4. [20221101] - Core - RXSS through reflection of user input in com_media

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Probability: Low
    • Versions:4.0.0-4.2.4
    • Exploit type: Reflexted XSS
    • Reported Date: 2022-10-28
    • Fixed Date: 2022-11-08
    • CVE Number: CVE-2022-27914

    Description

    Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media..

    Affected Installs

    Joomla! CMS versions 4.0.0-4.2.4

    Solution

    Upgrade to version 4.2.5

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:https://github.com/Denitz

  5. [20230101] - Core - CSRF within post-installation messages

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Probability: Low
    • Versions:4.0.0-4.2.6
    • Exploit type: CSRF
    • Reported Date: 2022-12-24
    • Fixed Date: 2023-01-31
    • CVE Number: CVE-2023-23750

    Description

    A missing token check causes a CSRF vulnerability in the handling of post-installation messages.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.2.6

    Solution

    Upgrade to version 4.2.7

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Faizan Wani

  6. [20230102] - Core - Missing ACL checks for com_actionlogs

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Probability: Low
    • Versions:4.0.0-4.2.6
    • Exploit type: Incorrect Access Control
    • Reported Date: 2023-01-01
    • Fixed Date: 2023-01-31
    • CVE Number: CVE-2023-23751

    Description

    A missing ACL check allows non super-admin users to access com_actionlogs.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.2.6

    Solution

    Upgrade to version 4.2.7

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Faizan Wani

  7. [20221002] - Core - RXSS through reflection of user input in headings

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Probability: Low
    • Versions:4.0.0-4.2.3
    • Exploit type: Reflexted XSS
    • Reported Date: 2022-10-07
    • Fixed Date: 2022-10-25
    • CVE Number: CVE-2022-27913

    Description

    Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.2.3

    Solution

    Upgrade to version 4.2.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Ajith Menon

  8. [20221001] - Core - Disclosure of critical information in debug mode

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Critical
    • Severity: Low
    • Probability: Low
    • Versions:4.0.0-4.2.3
    • Exploit type: Information Disclosure
    • Reported Date: 2022-10-13
    • Fixed Date: 2022-10-25
    • CVE Number: CVE-2022-27912

    Description

    Joomla 4 sites with publicly enabled debug mode exposed data of previous requests.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.2.3

    Solution

    Upgrade to version 4.2.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Peter Martin

  9. [20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check'

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Probability: Low
    • Versions:4.2.0
    • Exploit type: Path Disclosure
    • Reported Date: 2022-08-27
    • Fixed Date: 2022-08-30
    • CVE Number: CVE-2022-27911

    Description

    Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes done in 4.2.0. According to PROD2020/023 and in coordination with the JSST this has been patched in the public tracker vis #38615

    Affected Installs

    Joomla! CMS versions 4.2.0

    Solution

    Upgrade to version 4.2.1

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:SharkyKZ

  10. [20220301] - Core - Zip Slip within the Tar extractor

    • Project: Joomla! / Joomla! Framework
    • SubProject: CMS / archive
    • Impact: Moderate
    • Severity: Low
    • Probability: Low
    • Versions:3.0.0 - 3.10.6 & 4.0.0 - 4.1.0
    • Exploit type: Path Traversal
    • Reported Date: 2022-02-20
    • Fixed Date: 2022-03-29
    • CVE Number: CVE-2022-23793

    Description

    Extracting an specifilcy crafted tar package could write files outside of the intended path.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0

    Solution

    Upgrade to version 3.10.7 or 4.1.1

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Egidio Romano