Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-161
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Joomla!. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Joomla! versions ant\u00e9rieures \u00e0 3.9.25",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-23128",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23128"
},
{
"name": "CVE-2021-26028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26028"
},
{
"name": "CVE-2021-23130",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23130"
},
{
"name": "CVE-2021-26027",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26027"
},
{
"name": "CVE-2021-23132",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23132"
},
{
"name": "CVE-2021-26029",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26029"
},
{
"name": "CVE-2021-23127",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23127"
},
{
"name": "CVE-2021-23126",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23126"
},
{
"name": "CVE-2021-23131",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23131"
},
{
"name": "CVE-2021-23129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23129"
}
],
"initial_release_date": "2021-03-03T00:00:00",
"last_revision_date": "2021-03-03T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-161",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Joomla!. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une injection de code indirecte \u00e0 distance\n(XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Joomla!",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Joomla! 5834-joomla-3-9-25 du 02 mars 2021",
"url": "https://www.joomla.org/announcements/release-news/5834-joomla-3-9-25.html"
}
]
}
CVE-2021-23128 (GCVE-0-2021-23128)
Vulnerability from cvelistv5
Published
2021-03-04 17:37
Modified
2024-09-17 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insecure Randomness
Summary
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Version: 3.2.0-3.9.24 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.2.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to \u0027random_bytes()\u0027 and its backport that is shipped within random_compat."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Randomness",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:42:19.495Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html"
}
],
"title": "[20210302] - Core - Potential Insecure FOFEncryptRandval",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23128",
"STATE": "PUBLIC",
"TITLE": "[20210302] - Core - Potential Insecure FOFEncryptRandval"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.2.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to \u0027random_bytes()\u0027 and its backport that is shipped within random_compat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Randomness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23128",
"datePublished": "2021-03-04T17:37:14.499073Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T01:46:00.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23130 (GCVE-0-2021-23130)
Vulnerability from cvelistv5
Published
2021-03-04 17:37
Modified
2024-09-17 02:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- XSS
Summary
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Version: 2.5.0-3.9.24 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "2.5.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:42:49.568Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html"
}
],
"title": "[20210304] - Core - XSS within the feed parser library",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23130",
"STATE": "PUBLIC",
"TITLE": "[20210304] - Core - XSS within the feed parser library"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "2.5.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23130",
"datePublished": "2021-03-04T17:37:14.702009Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T02:21:25.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23126 (GCVE-0-2021-23126)
Vulnerability from cvelistv5
Published
2021-03-04 17:37
Modified
2024-09-16 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insecure Randomness
Summary
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Version: 3.2.0-3.9.24 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.2.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Randomness",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:43:07.439Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
],
"title": "[20210301] - Core - Insecure randomness within 2FA secret generation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23126",
"STATE": "PUBLIC",
"TITLE": "[20210301] - Core - Insecure randomness within 2FA secret generation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.2.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Randomness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23126",
"datePublished": "2021-03-04T17:37:14.262006Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-16T19:56:11.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23131 (GCVE-0-2021-23131)
Vulnerability from cvelistv5
Published
2021-03-04 17:37
Modified
2024-09-17 00:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Version: 3.2.0-3.9.24 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.2.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:43:29.330Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html"
}
],
"title": "[20210305] - Core - Input validation within the template manager",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23131",
"STATE": "PUBLIC",
"TITLE": "[20210305] - Core - Input validation within the template manager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.2.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23131",
"datePublished": "2021-03-04T17:37:14.799964Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T00:51:57.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26027 (GCVE-0-2021-26027)
Vulnerability from cvelistv5
Published
2021-03-04 17:37
Modified
2024-09-17 00:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- ACL violation
Summary
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Version: 3.0.0-3.9.24 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.0.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ACL violation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:42:04.824Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html"
}
],
"title": "[20210307] - Core - ACL violation within com_content frontend editing",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-26027",
"STATE": "PUBLIC",
"TITLE": "[20210307] - Core - ACL violation within com_content frontend editing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.0.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ACL violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-26027",
"datePublished": "2021-03-04T17:37:15.005802Z",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-09-17T00:56:00.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26028 (GCVE-0-2021-26028)
Vulnerability from cvelistv5
Published
2021-03-04 17:37
Modified
2024-09-16 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Path Traversal
Summary
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Version: 3.0.0-3.9.24 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.0.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:42:07.514Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html"
}
],
"title": "[20210308] - Core - Path Traversal within joomla/archive zip class",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-26028",
"STATE": "PUBLIC",
"TITLE": "[20210308] - Core - Path Traversal within joomla/archive zip class"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.0.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-26028",
"datePublished": "2021-03-04T17:37:15.113567Z",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-09-16T20:46:55.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23127 (GCVE-0-2021-23127)
Vulnerability from cvelistv5
Published
2021-03-04 17:37
Modified
2024-09-16 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insecure Randomness
Summary
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Version: 3.2.0-3.9.24 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.2.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Randomness",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:41:43.519Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
],
"title": "[20210301] - Core - Insecure randomness within 2FA secret generation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23127",
"STATE": "PUBLIC",
"TITLE": "[20210301] - Core - Insecure randomness within 2FA secret generation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.2.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Randomness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23127",
"datePublished": "2021-03-04T17:37:14.392198Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-16T23:32:03.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23129 (GCVE-0-2021-23129)
Vulnerability from cvelistv5
Published
2021-03-04 17:37
Modified
2024-09-16 22:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- XSS
Summary
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Version: 2.5.0-3.9.24 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "2.5.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:41:47.368Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html"
}
],
"title": "[20210303] - Core - XSS within alert messages showed to users",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23129",
"STATE": "PUBLIC",
"TITLE": "[20210303] - Core - XSS within alert messages showed to users"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "2.5.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23129",
"datePublished": "2021-03-04T17:37:14.594061Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-16T22:20:48.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26029 (GCVE-0-2021-26029)
Vulnerability from cvelistv5
Published
2021-03-04 17:37
Modified
2024-09-17 04:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- ACL Violation
Summary
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Version: 1.6.0-3.9.24 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "1.6.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ACL Violation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:42:57.347Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html"
}
],
"title": "[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-26029",
"STATE": "PUBLIC",
"TITLE": "[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "1.6.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ACL Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-26029",
"datePublished": "2021-03-04T17:37:15.215145Z",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-09-17T04:20:09.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23132 (GCVE-0-2021-23132)
Vulnerability from cvelistv5
Published
2021-03-04 17:37
Modified
2024-09-17 03:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Version: 3.0.0-3.9.24 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.0.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:43:08.799Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html"
}
],
"title": "[20210306] - Core - com_media allowed paths that are not intended for image uploads",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23132",
"STATE": "PUBLIC",
"TITLE": "[20210306] - Core - com_media allowed paths that are not intended for image uploads"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.0.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23132",
"datePublished": "2021-03-04T17:37:14.907908Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T03:53:00.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…