Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0805
Joomla Security Announcements
5 March 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Joomla! Core
Publisher: Joomla! project
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Modify Arbitrary Files -- Existing Account
Cross-site Scripting -- Remote with User Interaction
Unauthorised Access -- Existing Account
Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2021-26029 CVE-2021-26028 CVE-2021-26027
CVE-2021-23132 CVE-2021-23131 CVE-2021-23130
CVE-2021-23129 CVE-2021-23128 CVE-2021-23127
CVE-2021-23126
Original Bulletin:
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/v36E6N-ORY4/845-20210305-core-input-validation-within-the-template-manager.html
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/OmcLuS1lR1s/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/ML-7bfS-MuQ/842-20210302-core-potential-insecure-fofencryptrandval.html
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/vRuZVgU3dZ4/843-20210303-core-xss-within-alert-messages-showed-to-users.html
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/b__5EK05kBA/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/IvmEUNGk7U8/844-20210304-core-xss-within-the-feed-parser-library.html
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/u9ZYXtOiP5s/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/xuNcUFlcISE/847-20210307-core-acl-violation-within-com-content-frontend-editing.html
http://feedproxy.google.com/~r/JoomlaSecurityNews/~3/qW_FwiHz2vg/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html
Comment: This bulletin contains nine (9) Joomla! project security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
[20210305] - Core - Input validation within the template manager
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.2.0 - 3.9.24
Exploit type: Improper Input Validation
Reported Date: 2020-05-07
Fixed Date: 2021-03-02
CVE Number: CVE-2021-23131
Description
Missing input validation within the template manager.
Affected Installs
Joomla! CMS versions 3.2.0 - 3.9.24
Solution
Upgrade to version 3.9.25
Contact
The JSST at the Joomla! Security Centre.
Reported By: Bui Duc Anh Khoa from Viettel Cyber Security
- --------------------------------------------------------------------------------
[20210301] - Core - Insecure randomness within 2FA secret generation
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.2.0 - 3.9.24
Exploit type: Insecure Randomness
Reported Date: 2021-01-12
Fixed Date: 2021-03-02
CVE Number: CVE-2021-23126, CVE-2021-23127
Description
Usage of the insecure rand() function within the process of generating the
2FA secret.
Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of
10 bytes vs 20 bytes.
This issue has been coordinated with Akeeba Ltd as contributor of
the original FOF codebase to the core.
Affected Installs
Joomla! CMS versions 3.2.0 - 3.9.24
Solution
Upgrade to version 3.9.25
Contact
The JSST at the Joomla! Security Centre.
Reported By: Hanno Bock
- --------------------------------------------------------------------------------
[20210302] - Core - Potential Insecure FOFEncryptRandval
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.2.0 - 3.9.24
Exploit type: Insecure Randomness
Reported Date: 2021-01-13
Fixed Date: 2021-03-02
CVE Number: CVE-2021-23128
Description
The core shipped but unused randval implementation within FOF
(FOFEncryptRandval) used an potential insecure implemetation. That has now
been replaced with a call to "random_bytes()" and its backport that is
shipped within random_compat.
This issue has been coordinated with Akeeba Ltd as contributor of
the original FOF codebase to the core.
Affected Installs
Joomla! CMS versions 3.2.0 - 3.9.24
Solution
Upgrade to version 3.9.25
Contact
The JSST at the Joomla! Security Centre.
Reported By: Hanno Bock
- --------------------------------------------------------------------------------
[20210303] - Core - XSS within alert messages showed to users
Project: Joomla!
SubProject: CMS
Impact:Â Moderate
Severity: Low
Versions: 2.5.0 - 3.9.24
Exploit type: XSS
Reported Date: 2020-05-07
Fixed Date: 2021-03-02
CVE Number: CVE-2021-23129
Description
Missing filtering of messages showed to users that could lead to xss issues.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.24
Solution
Upgrade to version 3.9.25
Contact
The JSST at the Joomla! Security Centre.
Reported By: Bui Duc Anh Khoa from Viettel Cyber Security
- --------------------------------------------------------------------------------
[20210308] - Core - Path Traversal within joomla/archive zip class
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0 - 3.9.24
Exploit type: Path Traversal
Reported Date: 2020-09-08
Fixed Date: 2021-03-02
CVE Number: CVE-2021-26028
Description
Extracting an specifilcy crafted zip package could write files outside of
the intended path.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.24
Solution
Upgrade to version 3.9.25
Contact
The JSST at the Joomla! Security Centre.
Reported By: Sarunas Paulauskas
- --------------------------------------------------------------------------------
[20210304] - Core - XSS within the feed parser library
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0 - 3.9.24
Exploit type: XSS
Reported Date: 2020-05-05
Fixed Date: 2021-03-02
CVE Number: CVE-2021-23130
Description
Missing filtering of feed fields could lead to xss issues.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.24
Solution
Upgrade to version 3.9.25
Contact
The JSST at the Joomla! Security Centre.
Reported By: Bui Duc Anh Khoa from Viettel Cyber Security
- --------------------------------------------------------------------------------
[20210306] - Core - com_media allowed paths that are not intended for image
uploads
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0 - 3.9.24
Exploit type: Improper Input Validation
Reported Date: 2020-02-17
Fixed Date: 2021-03-02
CVE Number: CVE-2021-23132
Description
com_media allowed paths that are not intended for image uploads.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.24
Solution
Upgrade to version 3.9.25
Contact
The JSST at the Joomla! Security Centre.
Reported By: Hoang Kien from VSEC
- --------------------------------------------------------------------------------
[20210307] - Core - ACL violation within com_content frontend editing
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0 - 3.9.24
Exploit type: ACL violation
Reported Date: 2020-10-25
Fixed Date: 2021-03-02
CVE Number: CVE-2021-26027
Description
Incorrect ACL checks could allow unauthorized change of the category for an
article.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.24
Solution
Upgrade to version 3.9.25
Contact
The JSST at the Joomla! Security Centre.
Reported By: Brian Teeman, George Wilson (JSST), David Jardin (JSST)
- --------------------------------------------------------------------------------
[20210309] - Core - Inadequate filtering of form contents could allow to
overwrite the author field
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.6.0 - 3.9.24
Exploit type: ACL Violation
Reported Date: 2021-01-31
Fixed Date: 2021-03-02
CVE Number: CVE-2021-26029
Description
Inadequate filtering of form contents could allow to overwrite the author
field. The affected core components are com_fields, com_categories,
com_banners, com_contact, com_newsfeeds and com_tags.Â
Affected Installs
Joomla! CMS versions 1.6.0 - 3.9.24
Solution
Upgrade to version 3.9.25
Contact
The JSST at the Joomla! Security Centre.
Reported By: DangKhai from Viettel Cyber Security
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYEG6puNLKJtyKPYoAQiQNQ//dQPPkLIJ9sufi8lRZcJ5YUQ1o+VYVdyU
OE0t2NhSSuViXDZxO8dpB9try+tBcR7lMgl6wYW9TAiWIlx1xdBRxtSoVsOzABri
lc4V3K6xsMz8517x/wutZ4q48s6xY88lBnSBfSt2QtxTZ836jwWtT6jgDpGbwTUy
8M2Uole50PVqg2Zl/2Jl+mUz6oEyRg2x42CcicQIhzYay/knx1/4SvDFyZm8cnpV
OFV+Tfhhu+01gsmWixzHL5m04mdgLXkIgB2Xr4XjNJGCgfQZnConSPAxNJFxjx+S
XAL3HMT/ZfbgLEyRCJYiMpyl/+Cifh4euUwlvZSI2iNOedrFZkdhecWS9lEWdNXb
KLohRgWgWnSJsgVWN8nUPrTamgLqom8iQ+KQUMsOJTsDrqrpfMQZbXfustbTyQhF
HHuMO4SSIe7G5txTI18IhfDxU4b0hIu26gxPVuvTp2qSN7FsP/Su/f4iOkxlmPka
cDkHnRvJDC2GIqd1wuti6ef4vT0ViKGPe4T7bCKv2PC3i80+sluP8qhDUkGL3eu8
AhS5BpBSNwUhxKeA1avVCvIHK95iclcwnIGkwbVVci2HA3f+IHlqjy+1leaZiMes
3dnwUrN7Bsbgdjm5FXOctHEr6yFa4TvPiuUFH91gR9nB1eesrpc3tcE71Pl1lM8D
W8/54R/UlsA=
=jG/5
-----END PGP SIGNATURE-----