Security Announcements
This feed provides announcements of resolved security issues in Joomla! software releases.
For more information about the Joomla! Security Strike Team (JSST) and its processes, please review our Security article.
To report potential security issues, please follow the guidelines in the above referenced article. Please note that we are only able to provide support for the Joomla! CMS, Joomla! Framework, and *.joomla.org network of websites.
You can subscribe to notifications from this feed through a RSS reader or email notifications via FeedBurner.
[20120203] - Core - Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.0 and 1.7.0 - 1.7.4
- Exploit type: Information Disclosure
- Reported Date: 2012-January-29
- Fixed Date: 2012-February-02
Description
Inadequate validation leads to path disclosure in administrator.
Affected Installs
Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions
Solution
Upgrade to version 2.5.1 or 1.7.5 or higher
Contact
The JSST at the Joomla! Security Centre.
[20120101] - Core - Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
- Exploit type: Information Disclosure
- Reported Date: 2012-January-07
- Fixed Date: 2012-January-24
Description
Inadequate filtering leads to information disclosure.
Affected Installs
Joomla! version 1.7.3 and all earlier versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Contact
The JSST at the Joomla! Security Centre.
[20120102] - Core - XSS Vulnerability
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
- Exploit type: XSS Vulnerability
- Reported Date: 2011-November-16
- Fixed Date: 2012-January-24
Description
Inadequate filtering leads to XSS vulnerability.
Affected Installs
Joomla! version 1.7.3 and all earlier versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Contact
The JSST at the Joomla! Security Centre.
[20120103] - Core - Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
- Exploit type: Information Disclosure
- Reported Date: 2011-December-19
- Fixed Date: 2012-January-24
Description
Inadequate filtering leads to information disclosure.
Affected Installs
Joomla! version 1.7.3 and all earlier versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Contact
The JSST at the Joomla! Security Centre.
[20120104] - Core - XSS Vulnerability
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 1.7.3 and all earlier versions
- Exploit type: XSS Vulnerability
- Reported Date: 2012-January-22
- Fixed Date: 2012-January-24
Description
Inadequate filtering leads to XSS vulnerability.
Affected Installs
Joomla! version 1.7.3 and all earlier 1.7 and 1.6 versions
Solution
Upgrade to version 1.7.4 or 2.5.0 or higher
Contact
The JSST at the Joomla! Security Centre.
[20111101] - Core - XSS Vulnerability
- Project: Joomla!
- SubProject: All
- Severity: Medium
- Versions: 1.7.2 and all 1.6.x versions
- Exploit type: XSS
- Reported Date: 2011-October-21
- Fixed Date: 2011-November-14
Description
Inadequate filtering leads to XSS vulnerability in back end.
Affected Installs
Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
Solution
Upgrade to the latest Joomla! version (1.7.3 or later)
Contact
The JSST at the Joomla! Security Centre.
[20111102] - Core - Password Change
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 1.7.2 and all 1.6.x versions
- Exploit type: Password Change
- Reported Date: 2011-October-28
- Fixed Date: 2011-November-14
Description
Weak random number generation during password reset leads to possibility of changing a user's password.
Affected Installs
Joomla! version 1.7.2 and all earlier 1.7.x and 1.6.x versions
Solution
Upgrade to the latest Joomla! version (1.7.3 or later)
Contact
The JSST at the Joomla! Security Centre.
[20111103] - Core - Password Change
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 1.5.24 and all earlier 1.5 versions
- Exploit type: Password Change
- Reported Date: 2011-October-28
- Fixed Date: 2011-November-14
Description
Weak random number generation during password reset leads to possibility of changing a user's password.
Affected Installs
Joomla! version 1.5.24 and all earlier 1.5 versions
Solution
Upgrade to the latest Joomla! 1.5 version (1.5.25 or later)
Contact
The JSST at the Joomla! Security Centre.
[20111001] - Core - Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 1.7.1
- Exploit type: Information Disclosure
- Reported Date: 2011-September-09
- Fixed Date: 2011-October-17
Description
Weak encryption causes potential information disclosure.
Affected Installs
Joomla! version 1.7.1 and earlier
Solution
Upgrade to the latest Joomla! version (1.7.2 or later)
Contact
The JSST at the Joomla! Security Centre.
[20111002] - Core - Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.7.1
- Exploit type: Information Disclosure
- Reported Date: 2011-August-02
- Fixed Date: 2011-October-17
Description
Inadequate error checking causes potential information disclosure.
Affected Installs
Joomla! version 1.7.1 and earlier
Solution
Upgrade to the latest Joomla! version (1.7.2 or later)
Contact
The JSST at the Joomla! Security Centre.