Joomla Security Announcements

Security Patch information from joomla.org.  Joomla User Group Chicago North (JUGCN) is not responsible for the content.

 

  1. [20200802] - Core - Open redirect in com_content vote feature

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.20
    • Exploit type: Open Redirect
    • Reported Date: 2020-July-05
    • Fixed Date: 2020-August-25
    • CVE Number: CVE-2020-24598

    Description

    Lack of input validation in com_content leads to an open redirect.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.20

    Solution

    Upgrade to version 3.9.21

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Ahmad Kamaran Jamil

  2. [20200803] - Core - Directory traversal in com_media

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0-3.9.20
    • Exploit type: Directory Traversal
    • Reported Date: 2020-February-02
    • Fixed Date: 2020-August-25
    • CVE Number: CVE-2020-24597

    Description

    Lack of input validation allows com_media root paths outside of the webroot.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.20

    Solution

    Upgrade to version 3.9.21

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC

  3. [20200801] - Core - XSS in mod_latestactions

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.9.0-3.9.20
    • Exploit type: XSS
    • Reported Date: 2020-August-21
    • Fixed Date: 2020-August-25
    • CVE Number: CVE-2020-24599

    Description

    Lack of escaping in mod_latestactions allows XSS attacks.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.20

    Solution

    Upgrade to version 3.9.21

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Peter Martin

  4. [20200706] - Core - System Information screen could expose redis or proxy credentials

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: Information Disclosure
    • Reported Date: 2020-Jun-17
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15698

    Description

    Inadequate filtering in the system information screen could expose redis or proxy credentials

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor

  5. [20200705] - Core - Escape mod_random_image link

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: XSS
    • Reported Date: 2020-Jun-08
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15696

    Description

    Lack of input filtering and escaping allows XSS attacks in mod_random_image

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor
Ask JUGCN!
×

Got a Joomla! Question? Ask JUGCN

Ask away... we will get back to you within 24 hours

Please let us know your message.

Please let us know your name.

Please let us know your email address.

Invalid Input