Security Announcements
This feed provides announcements of resolved security issues in Joomla! software releases.
For more information about the Joomla! Security Strike Team (JSST) and its processes, please review our Security article.
To report potential security issues, please follow the guidelines in the above referenced article. Please note that we are only able to provide support for the Joomla! CMS, Joomla! Framework, and *.joomla.org network of websites.
You can subscribe to notifications from this feed through a RSS reader.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: High
- Probability: Low
- Versions: 1.6.0-4.4.0, 5.0.0
- Exploit type: Information Disclosure
- Reported Date: 2023-07-14
- Fixed Date: 2023-11-21
- CVE Number: CVE-2023-40626
Description
Affected Installs
Joomla! CMS versions 1.6.0-4.4.0, 5.0.0
Solution
Upgrade to version 3.10.14-elts, 4.4.1 or 5.0.1
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Critical
- Severity: Moderate
- Probability: Low
- Versions: 4.2.0-4.3.1
- Exploit type: Lack of rate limiting
- Reported Date: 2023-04-29
- Fixed Date: 2023-05-30
- CVE Number: CVE-2023-23755
Description
Affected Installs
Joomla! CMS versions 4.2.0-4.3.1
Solution
Upgrade to version 4.3.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions: 4.2.0-4.3.1
- Exploit type: Open Redirect / XSS
- Reported Date: 2023-02-28
- Fixed Date: 2023-05-28
- CVE Number: CVE-2023-23754
Description
Affected Installs
Joomla! CMS versions 4.2.0-4.3.1
Solution
Upgrade to version 4.3.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Critical
- Severity: High
- Probability: High
- Versions: 4.0.0-4.2.7
- Exploit type: Incorrect Access Control
- Reported Date: 2023-02-13
- Fixed Date: 2023-02-16
- CVE Number: CVE-2023-23752
Description
Affected Installs
Joomla! CMS versions 4.0.0-4.2.7
Solution
Upgrade to version 4.2.8
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions: 4.0.0-4.2.4
- Exploit type: Reflexted XSS
- Reported Date: 2022-10-28
- Fixed Date: 2022-11-08
- CVE Number: CVE-2022-27914
Description
Affected Installs
Joomla! CMS versions 4.0.0-4.2.4
Solution
Upgrade to version 4.2.5
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions: 4.0.0-4.2.6
- Exploit type: CSRF
- Reported Date: 2022-12-24
- Fixed Date: 2023-01-31
- CVE Number: CVE-2023-23750
Description
Affected Installs
Joomla! CMS versions 4.0.0-4.2.6
Solution
Upgrade to version 4.2.7
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions: 4.0.0-4.2.6
- Exploit type: Incorrect Access Control
- Reported Date: 2023-01-01
- Fixed Date: 2023-01-31
- CVE Number: CVE-2023-23751
Description
Affected Installs
Joomla! CMS versions 4.0.0-4.2.6
Solution
Upgrade to version 4.2.7
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions: 4.0.0-4.2.3
- Exploit type: Reflexted XSS
- Reported Date: 2022-10-07
- Fixed Date: 2022-10-25
- CVE Number: CVE-2022-27913
Description
Affected Installs
Joomla! CMS versions 4.0.0-4.2.3
Solution
Upgrade to version 4.2.4
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Critical
- Severity: Low
- Probability: Low
- Versions: 4.0.0-4.2.3
- Exploit type: Information Disclosure
- Reported Date: 2022-10-13
- Fixed Date: 2022-10-25
- CVE Number: CVE-2022-27912
Description
Affected Installs
Joomla! CMS versions 4.0.0-4.2.3
Solution
Upgrade to version 4.2.4
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions: 4.2.0
- Exploit type: Path Disclosure
- Reported Date: 2022-08-27
- Fixed Date: 2022-08-30
- CVE Number: CVE-2022-27911
Description
Affected Installs
Joomla! CMS versions 4.2.0
Solution
Upgrade to version 4.2.1
Contact
The JSST at the Joomla! Security Centre.