Joomla! 3.9.25

zero-24 2021-03-02 03:31:46 +01:00
parent 3bd76ecdae
commit 515d3a2979
No known key found for this signature in database
GPG Key ID: A041B880A124AF84
10 changed files with 520 additions and 60 deletions


@ -1,17 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"ID": "CVE-2021-23126",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2021-03-02T16:00:00",
"STATE": "PUBLIC",
"TITLE": "[20210301] - Core - Insecure randomness within 2FA secret generation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.2.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Randomness"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
]
}
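Review bot: The `problemtype` value `"Insecure Randomness"` is free text with no CWE identifier, so tooling that groups or filters CVE records by CWE cannot classify this entry; the same holds for the `problemtype` values in the other nine records of this commit. For the rand()-based 2FA secret generation described here, `"value": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"` would fit, assuming it matches the CNA's own classification. Separately, `"DATE_PUBLIC": "2021-03-02T16:00:00"` carries no timezone designator in any of the ten records; if UTC is meant, `"2021-03-02T16:00:00Z"` removes the ambiguity.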


@ -1,17 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"ID": "CVE-2021-23127",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2021-03-02T16:00:00",
"STATE": "PUBLIC",
"TITLE": "[20210301] - Core - Insecure randomness within 2FA secret generation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.2.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Randomness"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html"
}
]
}
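Review bot: The `problemtype` `"Insecure Randomness"` does not match this record's description, which is about the length of the 2FA secret rather than how it is generated; it looks carried over from CVE-2021-23126, which shares the advisory title and reference URL. A label that names the short secret would keep the two records distinguishable for anyone triaging by weakness type. The description also has a typo and an ambiguous comparison: `accoring` should be `according`, and `of 10 bytes vs 20 bytes` would read more clearly as `(10 bytes used, 20 bytes called for by RFC 4226)`, if that is the intended meaning.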


@ -1,17 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"ID": "CVE-2021-23128",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2021-03-02T16:00:00",
"STATE": "PUBLIC",
"TITLE": "[20210302] - Core - Potential Insecure FOFEncryptRandval"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.2.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Randomness"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html"
}
]
}
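Review bot: The description has two typos that will be copied verbatim into downstream vulnerability feeds: `used an potential insecure implemetation` should read `used a potentially insecure implementation`. The statement that FOFEncryptRandval is shipped but unused is the detail that bounds exposure, so it should stay prominent. The second sentence about the `random_bytes()` replacement describes the fix rather than the issue and could be shortened.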


@ -1,17 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"ID": "CVE-2021-23129",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2021-03-02T16:00:00",
"STATE": "PUBLIC",
"TITLE": "[20210303] - Core - XSS within alert messages showed to users"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "2.5.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html"
}
]
}


@ -1,17 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"ID": "CVE-2021-23130",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2021-03-02T16:00:00",
"STATE": "PUBLIC",
"TITLE": "[20210304] - Core - XSS within the feed parser library"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "2.5.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html"
}
]
}


@ -1,17 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"ID": "CVE-2021-23131",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2021-03-02T16:00:00",
"STATE": "PUBLIC",
"TITLE": "[20210305] - Core - Input validation within the template manager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.2.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html"
}
]
}


@ -1,17 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"ID": "CVE-2021-23132",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2021-03-02T16:00:00",
"STATE": "PUBLIC",
"TITLE": "[20210306] - Core - com_media allowed paths that are not intended for image uploads"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.0.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html"
}
]
}


@ -1,17 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"ID": "CVE-2021-26027",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2021-03-02T16:00:00",
"STATE": "PUBLIC",
"TITLE": "[20210307] - Core - ACL violation within com_content frontend editing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.0.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ACL violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html"
}
]
}
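Review bot: The `problemtype` is spelled `"ACL violation"` here and `"ACL Violation"` in the CVE-2021-26029 record of the same commit, so an exact-match grouping on this field treats them as two different weakness types. Using one spelling in both, e.g. `"value": "ACL Violation"`, keeps them together. A CWE identifier for incorrect authorization would be more robust still, if the CNA assigns one.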


@ -1,17 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"ID": "CVE-2021-26028",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2021-03-02T16:00:00",
"STATE": "PUBLIC",
"TITLE": "[20210308] - Core - Path Traversal within joomla/archive zip class"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "3.0.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html"
}
]
}
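Review bot: The description contains `an specifilcy crafted zip package`, which should read `a specifically crafted zip package`; the text is published as-is in the CVE entry. The TITLE names the joomla/archive zip class as the affected code, but the description does not, so readers who only see the description field cannot tell which extraction path is affected. Naming that class in the description as well would close the gap.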


@ -1,17 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"ID": "CVE-2021-26029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_PUBLIC": "2021-03-02T16:00:00",
"STATE": "PUBLIC",
"TITLE": "[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Joomla! CMS",
"version": {
"version_data": [
{
"version_value": "1.6.0-3.9.24"
}
]
}
}
]
},
"vendor_name": "Joomla! Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ACL Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html"
}
]
}