Anuncios de seguridad Joomla

Anuncios de seguridad Joomla

[20231101] - Core - Exposure of environment variables
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: High
- Probability: Low
- Versions:1.6.0-4.4.0, 5.0.0
- Exploit type: Information Disclosure
- Reported Date: 2023-07-14
- Fixed Date: 2023-11-21
- CVE Number: CVE-2023-40626
Description

The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.

Affected Installs

Joomla! CMS versions 1.6.0-4.4.0, 5.0.0

Solution

Upgrade to version 3.10.14-elts, 4.4.1 or 5.0.1

Contact

The JSST at the Joomla! Security Centre.
[20230502] - Core - Bruteforce prevention within the mfa screen
- Project: Joomla!
- SubProject: CMS
- Impact: Critical
- Severity: Moderate
- Probability: Low
- Versions:4.2.0-4.3.1
- Exploit type: Lack of rate limiting
- Reported Date: 2023-04-29
- Fixed Date: 2023-05-30
- CVE Number: CVE-2023-23755
Description

The lack of rate limiting allows brute force attacks against MFA methods.

Affected Installs

Joomla! CMS versions 4.2.0-4.3.1

Solution

Upgrade to version 4.3.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Phil Taylor
[20230501] - Core - Open Redirects and XSS within the mfa selection
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions:4.2.0-4.3.1
- Exploit type: Open Redirect / XSS
- Reported Date: 2023-02-28
- Fixed Date: 2023-05-28
- CVE Number: CVE-2023-23754
Description

Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.

Affected Installs

Joomla! CMS versions 4.2.0-4.3.1

Solution

Upgrade to version 4.3.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Srpopty from huntr.dev
[20230201] - Core - Improper access check in webservice endpoints
- Project: Joomla!
- SubProject: CMS
- Impact: Critical
- Severity: High
- Probability: High
- Versions:4.0.0-4.2.7
- Exploit type: Incorrect Access Control
- Reported Date: 2023-02-13
- Fixed Date: 2023-02-16
- CVE Number: CVE-2023-23752
Description

An improper access check allows unauthorized access to webservice endpoints.

Affected Installs

Joomla! CMS versions 4.0.0-4.2.7

Solution

Upgrade to version 4.2.8

Contact

The JSST at the Joomla! Security Centre.

Reported By: Zewei Zhang from NSFOCUS TIANJI Lab
[20221101] - Core - RXSS through reflection of user input in com_media
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Probability: Low
- Versions:4.0.0-4.2.4
- Exploit type: Reflexted XSS
- Reported Date: 2022-10-28
- Fixed Date: 2022-11-08
- CVE Number: CVE-2022-27914
Description

Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media..

Affected Installs

Joomla! CMS versions 4.0.0-4.2.4

Solution

Upgrade to version 4.2.5

Contact

The JSST at the Joomla! Security Centre.

Reported By:https://github.com/Denitz

Mas info

Sobre Nosotros

Nadie :-( , de vez en cuando tú haces clic en algún banner de publicidad. :-)

Somos un grupos amantes de la tecnología y sobretodo de la programación de Vigo (Galicia).

Te gustaría participar , encantados contar con contigo y nuevas ideas.

Registrarte aquí y envía un formulario alguno de los contactos indicandole en que quieres participar y que ideas tienes.

Le informamos que nuestro sitio web usa cookies propias y de terceros para poder prestar sus servicios.Al continuar navegando, entendemos que acepta su uso. Información