Security Announcements
class="site-logo me-2 mb-1"> Developer Network™ </a> </h1> </div> <div class="col-md-5"> <div class="btn-toolbar pt-md-1 row"> <div class="btn-group col-6"> <a href="https://downloads.joomla.org/" class="btn btn-lg btn-warning">Download</a> </div> <div class="btn-group col-6"> <a href="https://launch.joomla.org" class="btn btn-lg btn-primary">Launch<span aria-hidden="true" class="icon-rocket"></span></a> </div> </div> </div> </div> </div> </header> <nav class="subnav-wrapper" aria-label="Primary Menu"> <div class="subnav"> <div class="container-md"> <ul class="mod-menu mod-list nav nav-pills"> <li class="nav-item item-435 default"><a href="/" class="nav-link">Home</a></li><li class="nav-item item-465"><a href="/news.html" class="nav-link">News</a></li><li class="nav-item item-743"><a href="/roadmap.html" class="nav-link">Project Roadmap</a></li><li class="nav-item item-479 parent"><a href="/cms.html" class="nav-link">CMS</a></li><li class="nav-item item-478 parent"><a href="/framework.html" class="nav-link">Framework</a></li><li class="nav-item item-480 parent"><a href="/tracker.html" class="nav-link">Tracker</a></li><li class="nav-item item-482 parent"><a href="/about.html" class="nav-link">About</a></li><li class="nav-item item-516"><a href="/security.html" class="nav-link">Security</a></li></ul> </div> </div> </nav> <!-- Body --> <div class="body"> <div class="container"> <div class="row"> <main id="content" class="col-md-9"> <!-- Begin Content --> <div id="system-message-container" aria-live="polite"></div> <div class="com-content-category-blog blog" itemscope itemtype="https://schema.org/Blog"> <div class="page-header"> <h1> Security Announcements </h1> </div> <div class="category-desc clearfix"> <p class="lead">This feed provides announcements of resolved security issues in Joomla! software releases.</p> <p>For more information about the Joomla! 
Security Strike Team (JSST) and its processes, please review our <a href="/security.html">Security</a> article.</p> <p>To report potential security issues, please follow the guidelines in the article referenced above. Please note that we are only able to provide support for the Joomla! CMS, Joomla! Framework, and *.joomla.org network of websites.</p> <p>You can subscribe to notifications from this feed through an <a href="/security-centre.feed?type=rss">RSS reader</a>.</p> </div> <div class="com-content-category-blog__items blog-items "> <div class="com-content-category-blog__item blog-item" itemprop="blogPost" itemscope itemtype="https://schema.org/BlogPosting"> <div class="page-header"> <h2 itemprop="name"> <a href="/security-centre/831-20201104-core-sql-injection-in-com-users-list-view.html" itemprop="url"> [20201104] - Core - SQL injection in com_users list view </a> </h2> </div> <div class="item-content"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong> High</li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 3.0.0-3.9.22</li> <li><strong>Exploit type:</strong> SQL Injection</li> <li><strong>Reported Date:</strong> 2020-10-13</li> <li><strong>Fixed Date:</strong> 2020-11-24</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35613" target="_blank" rel="noopener noreferrer">CVE-2020-35613</a></li> </ul> <h3>Description</h3> <p>An incorrectly configured filter blacklist (deny-list) allowed SQL injection through the user list view of com_users in the administrator backend.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 3.0.0 - 3.9.22</p> <h3>Solution</h3> <p>Upgrade to version 3.9.23</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="/security-centre.html">Joomla! 
Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By: </strong> ka1n4t</div> </div> </div> <div class="com-content-category-blog__item blog-item" itemprop="blogPost" itemscope itemtype="https://schema.org/BlogPosting"> <div class="page-header"> <h2 itemprop="name"> <a href="/security-centre/830-20201103-core-path-traversal-in-mod-random-image.html" itemprop="url"> [20201103] - Core - Path traversal in mod_random_image </a> </h2> </div> <div class="item-content"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong> Moderate</li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 2.5.0-3.9.22</li> <li><strong>Exploit type:</strong> Path traversal</li> <li><strong>Reported Date:</strong> 2020-10-06</li> <li><strong>Fixed Date:</strong> 2020-11-24</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35612" target="_blank" rel="noopener noreferrer">CVE-2020-35612</a></li> </ul> <h3>Description</h3> <p>The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 2.5.0 - 3.9.22</p> <h3>Solution</h3> <p>Upgrade to version 3.9.23</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="/security-centre.html">Joomla! 
Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By: </strong> Lee Thao from Viettel Cyber Security, Phil Taylor</div> </div> </div> <div class="com-content-category-blog__item blog-item" itemprop="blogPost" itemscope itemtype="https://schema.org/BlogPosting"> <div class="page-header"> <h2 itemprop="name"> <a href="/security-centre/829-20201102-core-disclosure-of-secrets-in-global-configuration-page.html" itemprop="url"> [20201102] - Core - Disclosure of secrets in Global Configuration page </a> </h2> </div> <div class="item-content"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong> Moderate</li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 2.5.0-3.9.22</li> <li><strong>Exploit type:</strong> Information Disclosure</li> <li><strong>Reported Date:</strong> 2020-09-23</li> <li><strong>Fixed Date:</strong> 2020-11-24</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35611" target="_blank" rel="noopener noreferrer">CVE-2020-35611</a></li> </ul> <h3>Description</h3> <p>The Global Configuration page did not strip stored secrets from its HTML output, so their current values were disclosed to anyone able to view that page.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 2.5.0 - 3.9.22</p> <h3>Solution</h3> <p>Upgrade to version 3.9.23</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="/security-centre.html">Joomla! 
Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By: </strong> Corch</div> </div> </div> <div class="com-content-category-blog__item blog-item" itemprop="blogPost" itemscope itemtype="https://schema.org/BlogPosting"> <div class="page-header"> <h2 itemprop="name"> <a href="/security-centre/828-20201101-core-com-finder-ignores-access-levels-on-autosuggest.html" itemprop="url"> [20201101] - Core - com_finder ignores access levels on autosuggest </a> </h2> </div> <div class="item-content"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong> Moderate</li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 2.5.0-3.9.22</li> <li><strong>Exploit type:</strong> Information Disclosure</li> <li><strong>Reported Date:</strong> 2020-06-21</li> <li><strong>Fixed Date:</strong> 2020-11-24</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35610" target="_blank" rel="noopener noreferrer">CVE-2020-35610</a></li> </ul> <h3>Description</h3> <p>The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 2.5.0 - 3.9.22</p> <h3>Solution</h3> <p>Upgrade to version 3.9.23</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="/security-centre.html">Joomla! 
Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By: </strong> Phil Taylor</div> </div> </div> <div class="com-content-category-blog__item blog-item" itemprop="blogPost" itemscope itemtype="https://schema.org/BlogPosting"> <div class="page-header"> <h2 itemprop="name"> <a href="/security-centre/825-20200802-core-open-redirect-in-com-content-vote-feature.html" itemprop="url"> [20200802] - Core - Open redirect in com_content vote feature </a> </h2> </div> <div class="item-content"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong> Low</li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 3.0.0-3.9.20</li> <li><strong>Exploit type:</strong> Open Redirect</li> <li><strong>Reported Date:</strong> 2020-July-05</li> <li><strong>Fixed Date:</strong> 2020-August-25</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24598" target="_blank" rel="noopener noreferrer">CVE-2020-24598</a></li> </ul> <h3>Description</h3> <p>Lack of input validation in com_content leads to an open redirect.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 3.0.0 - 3.9.20</p> <h3>Solution</h3> <p>Upgrade to version 3.9.21</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="/security-centre.html">Joomla! 
Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By: </strong>Ahmad Kamaran Jamil</div> </div> </div> <div class="com-content-category-blog__item blog-item" itemprop="blogPost" itemscope itemtype="https://schema.org/BlogPosting"> <div class="page-header"> <h2 itemprop="name"> <a href="/security-centre/827-20200803-core-directory-traversal-in-com-media.html" itemprop="url"> [20200803] - Core - Directory traversal in com_media </a> </h2> </div> <div class="item-content"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong> Low</li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 2.5.0-3.9.20</li> <li><strong>Exploit type:</strong> Directory Traversal</li> <li><strong>Reported Date:</strong> 2020-February-02</li> <li><strong>Fixed Date:</strong> 2020-August-25</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24597" target="_blank" rel="noopener noreferrer">CVE-2020-24597</a></li> </ul> <h3>Description</h3> <p>Lack of input validation allows com_media root paths outside of the webroot.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 2.5.0 - 3.9.20</p> <h3>Solution</h3> <p>Upgrade to version 3.9.21</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="/security-centre.html">Joomla! 
Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By: </strong>Hoang Kien from VSEC</div> </div> </div> <div class="com-content-category-blog__item blog-item" itemprop="blogPost" itemscope itemtype="https://schema.org/BlogPosting"> <div class="page-header"> <h2 itemprop="name"> <a href="/security-centre/824-20200801-core-xss-in-mod-latestactions.html" itemprop="url"> [20200801] - Core - XSS in mod_latestactions </a> </h2> </div> <div class="item-content"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong> Moderate</li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 3.9.0-3.9.20</li> <li><strong>Exploit type:</strong> XSS</li> <li><strong>Reported Date:</strong> 2020-August-21</li> <li><strong>Fixed Date:</strong> 2020-August-25</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24599" target="_blank" rel="noopener noreferrer">CVE-2020-24599</a></li> </ul> <h3>Description</h3> <p>Lack of escaping in mod_latestactions allows XSS attacks.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 3.9.0 - 3.9.20</p> <h3>Solution</h3> <p>Upgrade to version 3.9.21</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="/security-centre.html">Joomla! 
Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By: </strong>Peter Martin</div> </div> </div> <div class="com-content-category-blog__item blog-item" itemprop="blogPost" itemscope itemtype="https://schema.org/BlogPosting"> <div class="page-header"> <h2 itemprop="name"> <a href="/security-centre/823-20200706-core-system-information-screen-could-expose-redis-or-proxy-credentials.html" itemprop="url"> [20200706] - Core - System Information screen could expose Redis or proxy credentials </a> </h2> </div> <div class="item-content"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong> Low</li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 3.0.0-3.9.19</li> <li><strong>Exploit type:</strong> Information Disclosure</li> <li><strong>Reported Date:</strong> 2020-06-17</li> <li><strong>Fixed Date:</strong> 2020-07-14</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15698" target="_blank" rel="noopener noreferrer">CVE-2020-15698</a></li> </ul> <h3>Description</h3> <p>Inadequate filtering in the System Information screen could expose Redis or proxy credentials to anyone able to view that screen.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 3.0.0 - 3.9.19</p> <h3>Solution</h3> <p>Upgrade to version 3.9.20</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="/security-centre.html">Joomla! 
Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By: </strong>Phil Taylor</div> </div> </div> <div class="com-content-category-blog__item blog-item" itemprop="blogPost" itemscope itemtype="https://schema.org/BlogPosting"> <div class="page-header"> <h2 itemprop="name"> <a href="/security-centre/822-20200705-core-escape-mod-random-image-link.html" itemprop="url"> [20200705] - Core - Escape mod_random_image link </a> </h2> </div> <div class="item-content"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong> Low</li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 3.0.0-3.9.19</li> <li><strong>Exploit type:</strong> XSS</li> <li><strong>Reported Date:</strong> 2020-Jun-08</li> <li><strong>Fixed Date:</strong> 2020-July-14</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15696" target="_blank" rel="noopener noreferrer">CVE-2020-15696</a></li> </ul> <h3>Description</h3> <p>Lack of input filtering and escaping allows XSS attacks in mod_random_image</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 3.0.0 - 3.9.19</p> <h3>Solution</h3> <p>Upgrade to version 3.9.20</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="/security-centre.html">Joomla! 
Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By: </strong>Phil Taylor</div> </div> </div> <div class="com-content-category-blog__item blog-item" itemprop="blogPost" itemscope itemtype="https://schema.org/BlogPosting"> <div class="page-header"> <h2 itemprop="name"> <a href="/security-centre/821-20200704-core-variable-tampering-via-user-table-class.html" itemprop="url"> [20200704] - Core - Variable tampering via user table class </a> </h2> </div> <div class="item-content"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong> Low</li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 3.0.0-3.9.19</li> <li><strong>Exploit type:</strong> Incorrect Access Control</li> <li><strong>Reported Date:</strong> 2020-06-02</li> <li><strong>Fixed Date:</strong> 2020-07-14</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15697" target="_blank" rel="noopener noreferrer">CVE-2020-15697</a></li> </ul> <h3>Description</h3> <p>Internal read-only fields in the User table class could be modified by users.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 3.0.0 - 3.9.19 (the Versions field above lists 3.0.0 as the lower bound while the original entry said 3.9.0; treat every 3.x release before 3.9.20 as affected until confirmed otherwise)</p> <h3>Solution</h3> <p>Upgrade to version 3.9.20</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="/security-centre.html">Joomla! 
Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By: </strong>Phil Taylor</div> </div> </div> </div> <!-- End Content --> </main> </div> </div> </div> </body> </html>