Security Announcements
This feed provides announcements of resolved security issues in Joomla! software releases.
For more information about the Joomla! Security Strike Team (JSST) and its processes, please review our Security article.
To report potential security issues, please follow the guidelines in the above referenced article. Please note that we are only able to provide support for the Joomla! CMS, Joomla! Framework, and *.joomla.org network of websites.
You can subscribe to notifications from this feed through a RSS reader.
[20210801] - Core - Insufficient access control for com_media deletion endpoint
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: High
- Versions: 4.0.0
- Exploit type: Incorrect Access Control
- Reported Date: 2021-08-20
- Fixed Date: 2021-08-24
- CVE Number: CVE-2021-26040
Description
The media manager does not correctly check the user's permissions before executing a file deletion command.
Affected Installs
Joomla! CMS versions 4.0.0
Solution
Upgrade to version 4.0.1
Contact
The JSST at the Joomla! Security Centre.
[20210705] - Core - XSS in com_media imagelist
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.0.0 - 3.9.27
- Exploit type: XSS
- Reported Date: 2021-06-22
- Fixed Date: 2021-07-06
- CVE Number: CVE-2021-26039
Description
Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.27
Solution
Upgrade to version 3.9.28
Contact
The JSST at the Joomla! Security Centre.
[20210704] - Core - Privilege escalation through com_installer
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 2.5.0 - 3.9.27
- Exploit type: Incorrect Access Control
- Reported Date: 2021-06-06
- Fixed Date: 2021-07-06
- CVE Number: CVE-2021-26038
Description
Install action in com_installer lack the required hardcoded ACL checks for superusers, leading to various potential attack vectors. A default system is not affected cause by default com_installer is limited to super users already.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.27
Solution
Upgrade to version 3.9.28
Contact
The JSST at the Joomla! Security Centre.
[20210703] - Core - Lack of enforced session termination
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 2.5.0 - 3.9.27
- Exploit type: Incorrect Session Handling
- Reported Date: 2019-02-08
- Fixed Date: 2021-07-06
- CVE Number: CVE-2021-26037
Description
Various CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.27
Solution
Upgrade to version 3.9.28
Contact
The JSST at the Joomla! Security Centre.
[20210702] - Core - DoS through usergroup table manipulation
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 - 3.9.27
- Exploit type: DoS
- Reported Date: 2021-06-08
- Fixed Date: 2021-07-06
- CVE Number: CVE-2021-26036
Description
Missing validation of input could lead to a broken usergroups table.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.27
Solution
Upgrade to version 3.9.28
Contact
The JSST at the Joomla! Security Centre.
[20210701] - Core - XSS in JForm Rules field
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 - 3.9.27
- Exploit type: XSS
- Reported Date: 2021-05-29
- Fixed Date: 2021-07-06
- CVE Number: CVE-2021-26035
Description
Inadequate escaping in the Rules field of the JForm API leads to a XSS vulnerability.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.27
Solution
Upgrade to version 3.9.28
Contact
The JSST at the Joomla! Security Centre.
[20210503] - Core - CSRF in data download endpoints
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 - 3.9.26
- Exploit type: CSRF
- Reported Date: 2021-05-07
- Fixed Date: 2021-05-25
- CVE Number: CVE-2021-26034
Description
A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.26
Solution
Upgrade to version 3.9.27
Contact
The JSST at the Joomla! Security Centre.
[20210502] - Core - CSRF in AJAX reordering endpoint
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 - 3.9.26
- Exploit type: CSRF
- Reported Date: 2021-05-07
- Fixed Date: 2021-05-25
- CVE Number: CVE-2021-26033
Description
A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.26
Solution
Upgrade to version 3.9.27
Contact
The JSST at the Joomla! Security Centre.
[20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 - 3.9.26
- Exploit type: XSS
- Reported Date: 2021-03-05
- Fixed Date: 2021-05-25
- CVE Number: CVE-2021-26032
Description
HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.26
Solution
Upgrade to version 3.9.27
Contact
The JSST at the Joomla! Security Centre.
[20210402] - Core - Inadequate filters on module layout settings
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 - 3.9.25
- Exploit type: LFI
- Reported Date: 2021-01-03
- Fixed Date: 2021-04-13
- CVE Number: CVE-2021-26031
Description
Inadequate filters on module layout settings could lead to an LFI.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.25
Solution
Upgrade to version 3.9.26
Contact
The JSST at the Joomla! Security Centre.