Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-161
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Joomla!. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Joomla! versions ant\u00e9rieures \u00e0 3.9.25",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-23128",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23128"
},
{
"name": "CVE-2021-26028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26028"
},
{
"name": "CVE-2021-23130",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23130"
},
{
"name": "CVE-2021-26027",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26027"
},
{
"name": "CVE-2021-23132",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23132"
},
{
"name": "CVE-2021-26029",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26029"
},
{
"name": "CVE-2021-23127",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23127"
},
{
"name": "CVE-2021-23126",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23126"
},
{
"name": "CVE-2021-23131",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23131"
},
{
"name": "CVE-2021-23129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23129"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-161",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Joomla!. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une injection de code indirecte \u00e0 distance\n(XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Joomla!",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Joomla! 5834-joomla-3-9-25 du 02 mars 2021",
"url": "https://www.joomla.org/announcements/release-news/5834-joomla-3-9-25.html"
}
]
}
CVE-2021-23132 (GCVE-0-2021-23132)
Vulnerability from cvelistv5 – Published: 2021-03-04 17:37 – Updated: 2024-09-17 03:53
VLAI?
EPSS
Title
[20210306] - Core - com_media allowed paths that are not intended for image uploads
Summary
An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.0.0-3.9.24
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.0.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:43:08.799Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html"
}
],
"title": "[20210306] - Core - com_media allowed paths that are not intended for image uploads",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23132",
"STATE": "PUBLIC",
"TITLE": "[20210306] - Core - com_media allowed paths that are not intended for image uploads"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.0.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23132",
"datePublished": "2021-03-04T17:37:14.907908Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T03:53:00.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26028 (GCVE-0-2021-26028)
Vulnerability from cvelistv5 – Published: 2021-03-04 17:37 – Updated: 2024-09-16 20:46
VLAI?
EPSS
Title
[20210308] - Core - Path Traversal within joomla/archive zip class
Summary
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.
Severity ?
No CVSS data available.
CWE
- Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.0.0-3.9.24
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.0.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:42:07.514Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html"
}
],
"title": "[20210308] - Core - Path Traversal within joomla/archive zip class",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-26028",
"STATE": "PUBLIC",
"TITLE": "[20210308] - Core - Path Traversal within joomla/archive zip class"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.0.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-26028",
"datePublished": "2021-03-04T17:37:15.113567Z",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-09-16T20:46:55.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23130 (GCVE-0-2021-23130)
Vulnerability from cvelistv5 – Published: 2021-03-04 17:37 – Updated: 2024-09-17 02:21
VLAI?
EPSS
Title
[20210304] - Core - XSS within the feed parser library
Summary
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
2.5.0-3.9.24
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "2.5.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:42:49.568Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html"
}
],
"title": "[20210304] - Core - XSS within the feed parser library",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23130",
"STATE": "PUBLIC",
"TITLE": "[20210304] - Core - XSS within the feed parser library"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "2.5.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23130",
"datePublished": "2021-03-04T17:37:14.702009Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T02:21:25.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23126 (GCVE-0-2021-23126)
Vulnerability from cvelistv5 – Published: 2021-03-04 17:37 – Updated: 2024-09-16 19:56
VLAI?
EPSS
Title
[20210301] - Core - Insecure randomness within 2FA secret generation
Summary
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
Severity ?
No CVSS data available.
CWE
- Insecure Randomness
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.2.0-3.9.24
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.2.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Randomness",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:43:07.439Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
],
"title": "[20210301] - Core - Insecure randomness within 2FA secret generation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23126",
"STATE": "PUBLIC",
"TITLE": "[20210301] - Core - Insecure randomness within 2FA secret generation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.2.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Randomness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23126",
"datePublished": "2021-03-04T17:37:14.262006Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-16T19:56:11.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23131 (GCVE-0-2021-23131)
Vulnerability from cvelistv5 – Published: 2021-03-04 17:37 – Updated: 2024-09-17 00:51
VLAI?
EPSS
Title
[20210305] - Core - Input validation within the template manager
Summary
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.2.0-3.9.24
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.2.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:43:29.330Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html"
}
],
"title": "[20210305] - Core - Input validation within the template manager",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23131",
"STATE": "PUBLIC",
"TITLE": "[20210305] - Core - Input validation within the template manager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.2.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23131",
"datePublished": "2021-03-04T17:37:14.799964Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T00:51:57.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23127 (GCVE-0-2021-23127)
Vulnerability from cvelistv5 – Published: 2021-03-04 17:37 – Updated: 2024-09-16 23:32
VLAI?
EPSS
Title
[20210301] - Core - Insecure randomness within 2FA secret generation
Summary
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.
Severity ?
No CVSS data available.
CWE
- Insecure Randomness
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.2.0-3.9.24
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.2.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Randomness",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:41:43.519Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
],
"title": "[20210301] - Core - Insecure randomness within 2FA secret generation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23127",
"STATE": "PUBLIC",
"TITLE": "[20210301] - Core - Insecure randomness within 2FA secret generation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.2.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Randomness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23127",
"datePublished": "2021-03-04T17:37:14.392198Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-16T23:32:03.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23128 (GCVE-0-2021-23128)
Vulnerability from cvelistv5 – Published: 2021-03-04 17:37 – Updated: 2024-09-17 01:46
VLAI?
EPSS
Title
[20210302] - Core - Potential Insecure FOFEncryptRandval
Summary
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.
Severity ?
No CVSS data available.
CWE
- Insecure Randomness
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.2.0-3.9.24
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.2.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to \u0027random_bytes()\u0027 and its backport that is shipped within random_compat."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Randomness",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:42:19.495Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html"
}
],
"title": "[20210302] - Core - Potential Insecure FOFEncryptRandval",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23128",
"STATE": "PUBLIC",
"TITLE": "[20210302] - Core - Potential Insecure FOFEncryptRandval"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.2.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to \u0027random_bytes()\u0027 and its backport that is shipped within random_compat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Randomness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23128",
"datePublished": "2021-03-04T17:37:14.499073Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T01:46:00.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26029 (GCVE-0-2021-26029)
Vulnerability from cvelistv5 – Published: 2021-03-04 17:37 – Updated: 2024-09-17 04:20
VLAI?
EPSS
Title
[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field
Summary
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.
Severity ?
No CVSS data available.
CWE
- ACL Violation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
1.6.0-3.9.24
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "1.6.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ACL Violation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:42:57.347Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html"
}
],
"title": "[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-26029",
"STATE": "PUBLIC",
"TITLE": "[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "1.6.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ACL Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-26029",
"datePublished": "2021-03-04T17:37:15.215145Z",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-09-17T04:20:09.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26027 (GCVE-0-2021-26027)
Vulnerability from cvelistv5 – Published: 2021-03-04 17:37 – Updated: 2024-09-17 00:56
VLAI?
EPSS
Title
[20210307] - Core - ACL violation within com_content frontend editing
Summary
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
Severity ?
No CVSS data available.
CWE
- ACL violation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
3.0.0-3.9.24
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "3.0.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ACL violation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:42:04.824Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html"
}
],
"title": "[20210307] - Core - ACL violation within com_content frontend editing",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-26027",
"STATE": "PUBLIC",
"TITLE": "[20210307] - Core - ACL violation within com_content frontend editing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.0.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ACL violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-26027",
"datePublished": "2021-03-04T17:37:15.005802Z",
"dateReserved": "2021-01-25T00:00:00",
"dateUpdated": "2024-09-17T00:56:00.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23129 (GCVE-0-2021-23129)
Vulnerability from cvelistv5 – Published: 2021-03-04 17:37 – Updated: 2024-09-16 22:20
VLAI?
EPSS
Title
[20210303] - Core - XSS within alert messages showed to users
Summary
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Joomla! Project | Joomla! CMS |
Affected:
2.5.0-3.9.24
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Joomla! CMS",
"vendor": "Joomla! Project",
"versions": [
{
"status": "affected",
"version": "2.5.0-3.9.24"
}
]
}
],
"datePublic": "2021-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:41:47.368Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html"
}
],
"title": "[20210303] - Core - XSS within alert messages showed to users",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2021-03-02T16:00:00",
"ID": "CVE-2021-23129",
"STATE": "PUBLIC",
"TITLE": "[20210303] - Core - XSS within alert messages showed to users"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "2.5.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2021-23129",
"datePublished": "2021-03-04T17:37:14.594061Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-16T22:20:48.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…