SB2020031409 - Multiple vulnerabilities in Joomla!
Published: March 14, 2020
Description
This security bulletin contains information about six security vulnerabilities in the Joomla! CMS core.
1) Cross-site request forgery (CVE-ID: CVE-2020-10241)
The vulnerability allows a remote attacker to perform cross-site request forgery (CSRF) attacks.
The vulnerability exists because the image actions of com_templates (the template manager) do not check the form token, so the origin of the HTTP request is not validated. A remote attacker can trick a logged-in administrator into visiting a specially crafted web page and perform those image actions on the vulnerable site on the victim's behalf.
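The following is an added illustration of the missing check, written for this bulletin and not taken from Joomla's code base. It models a request handler for a template image action first without and then with a per-session form token; the secret, session id and form fields are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; a real application loads it from configuration.
SERVER_SECRET = secrets.token_bytes(32)


def form_token(session_id: str) -> str:
    """Per-session token the server embeds as a hidden field in its own forms.

    A page on another origin cannot read the victim's token, so it cannot
    reproduce this value in a forged POST.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def image_action(form: dict) -> str:
    """The privileged operation itself (e.g. delete or rename a template image)."""
    return f"{form['action']}:{form['file']}"


def handle_vulnerable(session_id: str, form: dict) -> str:
    # Any POST carrying the victim's session cookie is honoured, wherever it came from.
    return image_action(form)


def handle_fixed(session_id: str, form: dict) -> str:
    # Reject the request unless it carries the token only the server's own form has.
    supplied = form.get("token", "")
    expected = form_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return "rejected: invalid token"
    return image_action(form)


def demo() -> dict:
    victim_session = "sess-victim"  # constructed session identifier

    # Form auto-submitted by the attacker's page: correct fields, but no usable token.
    forged = {"action": "delete", "file": "images/logo.png", "token": "guess"}
    # Form rendered by the server for the victim, including the token.
    legitimate = dict(forged, token=form_token(victim_session))

    return {
        "vulnerable_forged": handle_vulnerable(victim_session, forged),
        "fixed_forged": handle_fixed(victim_session, forged),
        "fixed_legitimate": handle_fixed(victim_session, legitimate),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The token check is the fix the advisory describes; a SameSite cookie attribute on the session cookie is a useful second layer but does not replace it.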
2) Cross-site scripting (CVE-ID: CVE-2020-10242)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to inadequate handling of user-controlled values used as CSS selectors in the JavaScript shipped with the Protostar and Beez3 templates. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
3) Improper access control (CVE-ID: CVE-2020-10238)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to incorrect access control checks in com_templates. A remote attacker can bypass the intended restrictions and reach template manager functionality that should not be available.
4) Improper access control (CVE-ID: CVE-2020-10239)
The vulnerability allows a remote authenticated user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to incorrect access control checks in the SQL field type of com_fields. A remote authenticated user can bypass the intended restrictions and use functionality of the SQL field that should not be available to them.
5) Resource management error (CVE-ID: CVE-2020-10240)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to possible identifier collisions in the com_users component. Joomla! does not enforce length checks on the columns of the user table, so oversized values can be silently truncated on storage; this can lead to the creation of users with duplicate usernames and/or email addresses even though the application's uniqueness check passed.
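The following is an added example, not Joomla's code, of how a missing length check turns into an identifier collision. It assumes a backend that truncates values longer than the column width without an error (MySQL in non-strict mode behaves this way), and the column widths below are assumptions for the illustration. The uniqueness check compares the raw input, but the stored value is the truncated one, so two distinct inputs collapse into the same stored username.

```python
USERNAME_MAX = 150  # assumed column width for this example
EMAIL_MAX = 100     # assumed column width for this example


class UserTable:
    """Models a users table whose backend silently truncates oversized values."""

    def __init__(self) -> None:
        self.rows: list[tuple[str, str]] = []  # stored (username, email)

    def _taken(self, username: str, email: str) -> bool:
        return any(u == username or e == email for u, e in self.rows)

    def register_vulnerable(self, username: str, email: str) -> bool:
        # Uniqueness is checked against the untruncated input...
        if self._taken(username, email):
            return False
        # ...but the backend keeps only the first N characters of each column.
        self.rows.append((username[:USERNAME_MAX], email[:EMAIL_MAX]))
        return True

    def register_fixed(self, username: str, email: str) -> bool:
        # Reject oversized input up front instead of letting the backend truncate it.
        if len(username) > USERNAME_MAX or len(email) > EMAIL_MAX:
            return False
        if self._taken(username, email):
            return False
        self.rows.append((username, email))
        return True

    def duplicate_usernames(self) -> set:
        names = [u for u, _ in self.rows]
        return {n for n in names if names.count(n) > 1}


def demo() -> dict:
    # Constructed accounts: the victim's username is exactly the column width,
    # the attacker's differs only by a trailing character beyond that width.
    victim_name = "a" * USERNAME_MAX
    attacker_name = victim_name + "X"

    vulnerable = UserTable()
    vulnerable.register_vulnerable(victim_name, "victim@example.org")
    attacker_created = vulnerable.register_vulnerable(attacker_name, "attacker@example.org")

    fixed = UserTable()
    fixed.register_fixed(victim_name, "victim@example.org")
    attacker_rejected = not fixed.register_fixed(attacker_name, "attacker@example.org")

    return {
        "vulnerable_attacker_created": attacker_created,
        "vulnerable_duplicates": vulnerable.duplicate_usernames(),
        "fixed_attacker_rejected": attacker_rejected,
        "fixed_duplicates": fixed.duplicate_usernames(),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Once two rows share a username, any lookup keyed on it (password reset, login by name, authorisation checks) may resolve to the wrong account, which is why the bulletin classes this as a security-restriction bypass rather than a data-integrity nuisance.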
6) SQL injection (CVE-ID: CVE-2020-10243)
The vulnerability allows a remote authenticated user to execute arbitrary SQL queries against the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the parameters of the "Featured Articles" frontend menu type, which are used in an SQL statement without proper type casting. A remote authenticated user who can edit those menu parameters can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.
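The following is an added, self-contained example written for this bulletin; it is not Joomla's code and the schema, rows and parameter handling are assumptions. It takes a list of category IDs, as a Featured Articles menu item might supply, interpolates them into an IN (...) clause without casting (vulnerable), and then rebuilds the query with integer casting and placeholders (fixed). The database is an in-memory SQLite instance with constructed data.

```python
import sqlite3

QUERY = "SELECT title FROM content WHERE featured = 1 AND catid IN ({})"


def setup_db() -> sqlite3.Connection:
    # Constructed schema and rows standing in for the CMS tables.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE content(id INTEGER, title TEXT, catid INTEGER, featured INTEGER);
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
        INSERT INTO content VALUES (1, 'Public article', 2, 1), (2, 'Other category', 3, 1);
        INSERT INTO users VALUES (42, 'admin', '$2y$10$constructedhashvalue');
        """
    )
    return conn


def featured_vulnerable(conn: sqlite3.Connection, catids: list) -> list:
    # The parameter values are joined straight into the SQL text.
    sql = QUERY.format(",".join(catids))
    return [row[0] for row in conn.execute(sql)]


def featured_fixed(conn: sqlite3.Connection, catids: list) -> list:
    # Casting to int rejects anything that is not a category ID (raises ValueError),
    # and bound placeholders keep the values out of the SQL text entirely.
    ints = [int(c) for c in catids]
    sql = QUERY.format(",".join("?" * len(ints)))
    return [row[0] for row in conn.execute(sql, ints)]


def demo() -> dict:
    conn = setup_db()
    # Constructed payload: closes the IN list and appends a UNION reading the users table.
    payload = ["2) UNION SELECT username || ':' || password FROM users --"]

    leaked = set(featured_vulnerable(conn, payload))

    try:
        featured_fixed(conn, payload)
        fixed_rejected = False
    except ValueError:
        fixed_rejected = True

    return {
        "vulnerable_rows": leaked,
        "fixed_rejected": fixed_rejected,
        "fixed_legitimate": featured_fixed(conn, ["2"]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The lesson is the one the advisory points at: values that are only ever meant to be integers should be cast before they go anywhere near SQL, and even then should be bound as parameters rather than concatenated.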
Remediation
Install the update from the vendor's website: all six issues are fixed in Joomla! 3.9.15.
References
- https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions.html
- https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3.html
- https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates.html
- https://developer.joomla.org/security-centre/806-20200305-core-incorrect-access-control-in-com-fields-sql-field.html
- https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users.html
- https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters.html