This feed provides announcements of resolved security issues in Joomla! software releases.

For more information about the Joomla! Security Strike Team (JSST) and its processes, please review our Security article.

To report potential security issues, please follow the guidelines in the above referenced article. Please note that we are only able to provide support for the Joomla! CMS, Joomla! Framework, and *.joomla.org network of websites.

You can subscribe to notifications from this feed through an RSS reader.

  • Project: Joomla! / Joomla! Framework
  • SubProject: CMS / input
  • Impact: Moderate
  • Severity: Low
  • Probability: Low
  • Versions: 4.0.0 - 4.1.0
  • Exploit type: Variable Tampering
  • Reported Date: 2021-11-05
  • Fixed Date: 2022-03-29
  • CVE Number: CVE-2022-23799

Description

Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
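To make that failure mode concrete, here is an added illustration in PHP (not Joomla's Input class and not the fixed code): a minimal input object with separate GET and POST bags. The `$fromRequest` constructor flag is a hypothetical switch that reproduces the class of bug by feeding every bag from `$_REQUEST`; the request data below is constructed and set directly so the script runs from the CLI.

```php
<?php
// Added illustration, not Joomla's Input implementation. Requires PHP 8.0+.
declare(strict_types=1);

final class Bag
{
    public function __construct(private array $data) {}

    public function get(string $name, mixed $default = null): mixed
    {
        return $this->data[$name] ?? $default;
    }
}

final class DemoInput
{
    private Bag $get;
    private Bag $post;

    // Hypothetical switch: true reproduces the bug class (every bag is built
    // from $_REQUEST), false is the correct construction from the matching
    // superglobal only.
    public function __construct(bool $fromRequest)
    {
        $this->get  = new Bag($fromRequest ? $_REQUEST : $_GET);
        $this->post = new Bag($fromRequest ? $_REQUEST : $_POST);
    }

    public function get(): Bag  { return $this->get; }
    public function post(): Bag { return $this->post; }
}

// A handler that relies on the POST bag as evidence that the action was
// submitted through a form rather than triggered by a crafted link.
function isConfirmedByPost(DemoInput $input): bool
{
    return $input->post()->get('confirm') === '1';
}

// Constructed request: parameters arrive only in the query string, there is
// no POST body. (Assigned directly here instead of coming from a web server.)
$_GET     = ['task' => 'delete', 'confirm' => '1'];
$_POST    = [];
$_REQUEST = $_GET + $_POST;

var_dump(isConfirmedByPost(new DemoInput(true)));   // polluted bags
var_dump(isConfirmedByPost(new DemoInput(false)));  // bags built from their own superglobal
```

With the polluted construction the GET-only request passes the "confirmed by POST" check; with the correct construction the POST bag is empty and the check fails. Reading from a method-specific bag only proves which HTTP method carried the data, so state-changing actions still need a CSRF token check on top of it.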

Affected Installs

Joomla! CMS versions 4.0.0 - 4.1.0

Solution

Upgrade to version 4.1.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: Nicholas K. Dionysopoulos, Phil Taylor

  • Project: Joomla! / Joomla! Framework
  • SubProject: CMS / filter
  • Impact: Moderate
  • Severity: Low
  • Probability: Low
  • Versions: 4.0.0 - 4.1.0
  • Exploit type: XSS
  • Reported Date: 2022-01-19
  • Fixed Date: 2022-03-29
  • CVE Number: CVE-2022-23800

Description

Inadequate content filtering leads to XSS vulnerabilities in various components.

Affected Installs

Joomla! CMS versions 4.0.0 - 4.1.0

Solution

Upgrade to version 4.1.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: Sebastian Morris, pwnCTRL

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Probability: Low
  • Versions: 4.0.0 - 4.1.0
  • Exploit type: XSS
  • Reported Date: 2021-08-25
  • Fixed Date: 2022-03-29
  • CVE Number: CVE-2022-23801

Description

Possible XSS attack vector through SVG embedding in com_media.
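As an added example (not com_media's code), the following PHP function illustrates the kind of check an upload handler can run before accepting an SVG: it parses the file as XML, refuses anything it cannot parse, and rejects elements and attributes that execute script or rewrite attributes at render time. The element and attribute lists, the function name and the sample files are assumptions made for this illustration.

```php
<?php
// Added example, not com_media code: reject SVG uploads that carry active
// content before they are stored or served inline. Requires PHP 8.0+.
declare(strict_types=1);

function svgHasActiveContent(string $svg): bool
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    // LIBXML_NONET stops the parser from fetching remote DTDs or entities.
    $parsed = $doc->loadXML($svg, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if (!$parsed) {
        return true; // unparseable input is rejected rather than guessed at
    }

    // Elements that run code, embed foreign documents, or can rewrite other
    // attributes (animate/set) at render time. Matched on the local name so a
    // namespace prefix cannot hide them.
    $forbiddenElements = ['script', 'foreignobject', 'iframe', 'embed', 'object', 'animate', 'set'];

    foreach ($doc->getElementsByTagName('*') as $el) {
        if (in_array(strtolower($el->localName), $forbiddenElements, true)) {
            return true;
        }
        foreach ($el->attributes as $attr) {
            $name  = strtolower($attr->localName);
            $value = strtolower(trim($attr->value));
            if (str_starts_with($name, 'on')) {
                return true; // event handler such as onload or onclick
            }
            // href and xlink:href both have the local name "href"
            if ($name === 'href'
                && (str_starts_with($value, 'javascript:') || str_starts_with($value, 'data:'))) {
                return true;
            }
        }
    }
    return false;
}

// Constructed samples for the demo.
$benign  = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>';
$hostile = '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
         . '<a xlink:href="javascript:alert(1)"><text>click</text></a></svg>';

var_dump(svgHasActiveContent($benign));
var_dump(svgHasActiveContent($hostile));
```

This is a denylist, and denylists for SVG are never complete (CSS `@import` in `<style>`, external `<image>` references and encoding tricks are not covered above). The stronger control is to serve user-uploaded SVGs from a separate origin or with a `Content-Security-Policy: sandbox` header and `Content-Disposition: attachment`, so that any script that slips through cannot run in the site's own origin.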

Affected Installs

Joomla! CMS versions 4.0.0 - 4.1.0

Solution

Upgrade to version 4.1.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: Julia Polner, Simon Stockhause

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: High
  • Versions: 4.0.0
  • Exploit type: Incorrect Access Control
  • Reported Date: 2021-08-20
  • Fixed Date: 2021-08-24
  • CVE Number: CVE-2021-26040

Description

The media manager does not correctly check the user's permissions before executing a file deletion command.

Affected Installs

Joomla! CMS version 4.0.0

Solution

Upgrade to version 4.0.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: Maverick

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.0.0 - 3.9.27
  • Exploit type: XSS
  • Reported Date: 2021-06-22
  • Fixed Date: 2021-07-06
  • CVE Number: CVE-2021-26039

Description

Inadequate escaping in the imagelist view of com_media leads to an XSS vulnerability.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.27

Solution

Upgrade to version 3.9.28

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hagai Wechsler / WhiteSourceSoftware

  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 2.5.0 - 3.9.27
  • Exploit type: Incorrect Access Control
  • Reported Date: 2021-06-06
  • Fixed Date: 2021-07-06
  • CVE Number: CVE-2021-26038

Description

The install action in com_installer lacks the required hardcoded ACL check for Super Users, leading to various potential attack vectors. A default installation is not affected because, by default, access to com_installer is already limited to Super Users.

Affected Installs

Joomla! CMS versions 2.5.0 - 3.9.27

Solution

Upgrade to version 3.9.28

Contact

The JSST at the Joomla! Security Centre.

Reported By: Nicholas Dionysopoulos

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 2.5.0 - 3.9.27
  • Exploit type: Incorrect Session Handling
  • Reported Date: 2019-02-08
  • Fixed Date: 2021-07-06
  • CVE Number: CVE-2021-26037

Description

Various CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.
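The expected behaviour, as an added PHP illustration rather than Joomla's own session handling: when a password changes, every other session of that user is dropped (a session that was stolen or left open elsewhere must not outlive the old credential), and when a user is blocked, all of their sessions are dropped including the current one. The `SessionStore` and `UserAccount` classes and the scenario data are constructed for this example.

```php
<?php
// Added example, not Joomla's session code: terminate every other session of a
// user when the password changes or the account is blocked. Requires PHP 8.0+.
declare(strict_types=1);

final class SessionStore
{
    /** @var array<string, int> session id => user id (stand-in for a session table) */
    private array $sessions = [];

    public function add(string $sessionId, int $userId): void
    {
        $this->sessions[$sessionId] = $userId;
    }

    public function isActive(string $sessionId): bool
    {
        return isset($this->sessions[$sessionId]);
    }

    // Drop every session of $userId, optionally keeping the session that made
    // the change so the acting user is not logged out of their own browser.
    public function terminateForUser(int $userId, ?string $keep = null): int
    {
        $removed = 0;
        foreach ($this->sessions as $sid => $uid) {
            if ($uid === $userId && $sid !== $keep) {
                unset($this->sessions[$sid]);
                $removed++;
            }
        }
        return $removed;
    }
}

final class UserAccount
{
    public function __construct(
        private int $id,
        private string $passwordHash,
        private bool $blocked,
        private SessionStore $sessions,
    ) {}

    public function changePassword(string $newPassword, string $currentSessionId): void
    {
        $this->passwordHash = password_hash($newPassword, PASSWORD_DEFAULT);
        // Everything except the session performing the change is terminated.
        $this->sessions->terminateForUser($this->id, $currentSessionId);
    }

    public function block(): void
    {
        $this->blocked = true;
        // A blocked user loses every session, the current one included.
        $this->sessions->terminateForUser($this->id);
    }
}

// Constructed scenario: user 42 is logged in from two browsers and an attacker
// holds a third session for the same account obtained earlier; user 7 is unrelated.
$store = new SessionStore();
$store->add('own-laptop', 42);
$store->add('own-phone', 42);
$store->add('attacker', 42);
$store->add('someone-else', 7);

$user = new UserAccount(42, password_hash('old', PASSWORD_DEFAULT), false, $store);
$user->changePassword('new-secret', 'own-laptop');

var_dump($store->isActive('own-laptop'));   // the session that changed the password survives
var_dump($store->isActive('attacker'));     // terminated
var_dump($store->isActive('someone-else')); // other users are untouched

$user->block();
var_dump($store->isActive('own-laptop'));   // blocking removes the current session too
```

In a database-backed deployment the same logic is a `DELETE` on the session table keyed by user id, run inside the password-change and block operations themselves (not only on the next login), so that it also covers changes made by an administrator or a password-reset flow.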

Affected Installs

Joomla! CMS versions 2.5.0 - 3.9.27

Solution

Upgrade to version 3.9.28

Contact

The JSST at the Joomla! Security Centre.

Reported By: Carsten Schmitz, Atik Islam, Dennis Hermatski, Muhammad Hussain, th3lawbreaker, Hoang Kien

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 - 3.9.27
  • Exploit type: DoS
  • Reported Date: 2021-06-08
  • Fixed Date: 2021-07-06
  • CVE Number: CVE-2021-26036

Description

Missing input validation could leave the usergroups table in a broken state.

Affected Installs

Joomla! CMS versions 2.5.0 - 3.9.27

Solution

Upgrade to version 3.9.28

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hoang Kien from VSEC

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 3.0.0 - 3.9.27
  • Exploit type: XSS
  • Reported Date: 2021-05-29
  • Fixed Date: 2021-07-06
  • CVE Number: CVE-2021-26035

Description

Inadequate escaping in the Rules field of the JForm API leads to an XSS vulnerability.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.27

Solution

Upgrade to version 3.9.28

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hoang Nguyen

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 3.0.0 - 3.9.26
  • Exploit type: CSRF
  • Reported Date: 2021-05-07
  • Fixed Date: 2021-05-25
  • CVE Number: CVE-2021-26034

Description

A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.26

Solution

Upgrade to version 3.9.27

Contact

The JSST at the Joomla! Security Centre.

Reported By: Phil Taylor