SB2020112437 - Multiple vulnerabilities in Joomla!
Published: November 24, 2020
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Information disclosure (CVE-ID: N/A)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within the autosuggestion feature of com_finder. A remote user can gain unauthorized access to sensitive information within the application.
2) Improper access control (CVE-ID: N/A)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions when handling ACL rulesets. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
3) Cross-site request forgery (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin within the emailexport feature of the com_privacy component. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
4) Information disclosure (CVE-ID: N/A)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can enumerate web application users.
5) SQL injection (CVE-ID: N/A)
The vulnerability allows a remote user to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data within the blacklist configuration. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.
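The root cause named above, user-controlled configuration values spliced into SQL text, is easiest to see against its fix. The following is an added illustration, not Joomla's own code or query: it assumes a hypothetical users table and an exclusion list read from configuration, and contrasts string concatenation with a parameterized query, where the values travel separately from the statement and a hostile-looking entry is treated as a plain username.

```python
import sqlite3

# Constructed sample data: three accounts a list view might display.
SAMPLE_USERS = ["admin", "editor", "guest"]


def make_db() -> sqlite3.Connection:
    """Build an in-memory table standing in for a hypothetical user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (username) VALUES (?)", [(u,) for u in SAMPLE_USERS])
    return conn


def _all_users(conn):
    return [r[0] for r in conn.execute("SELECT username FROM users ORDER BY username")]


def list_users_unsafe(conn, excluded):
    """Anti-pattern: configured names are quoted by hand and spliced into the SQL text.

    A name containing a quote character changes the structure of the statement,
    so whoever controls the configuration also controls the query logic.
    """
    if not excluded:
        return _all_users(conn)
    quoted = ", ".join(f"'{name}'" for name in excluded)
    sql = f"SELECT username FROM users WHERE username NOT IN ({quoted}) ORDER BY username"
    return [r[0] for r in conn.execute(sql)]


def list_users_safe(conn, excluded):
    """Hardened form: one '?' placeholder per name, values bound by the driver.

    Only the placeholder list is built from the input's length; the input
    text itself never touches the SQL string.
    """
    if not excluded:
        return _all_users(conn)
    placeholders = ", ".join("?" for _ in excluded)
    sql = f"SELECT username FROM users WHERE username NOT IN ({placeholders}) ORDER BY username"
    return [r[0] for r in conn.execute(sql, tuple(excluded))]


if __name__ == "__main__":
    db = make_db()
    hostile = ["admin') AND 1=0 --"]   # constructed configuration entry
    print("unsafe:", list_users_unsafe(db, hostile))   # query logic altered, nothing listed
    print("safe:  ", list_users_safe(db, hostile))     # treated as a literal name, all listed
```

The check to add in review is simple: any query whose text is built with string formatting from a value that originates outside the code (request parameter, configuration, database row) needs the parameterized form, and the only part that may be generated is the placeholder list.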
6) Path traversal (CVE-ID: N/A)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences within the mod_random_image component. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.
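The defensive pattern for this class of bug is to resolve the user-supplied path to its canonical form and then check that the result is still inside the permitted directory, rather than trying to strip "../" sequences. The code below is an added example and not Joomla's module code; it assumes a hypothetical image directory and a path taken from request input, and also covers the URL-encoded and NUL-byte variants that a naive string filter would miss.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_inside(base_dir: str, user_path: str):
    """Resolve a user-supplied relative path against base_dir.

    Returns the absolute canonical path when it stays inside base_dir, or
    None when the input escapes it (via '..', an absolute path, a
    URL-encoded traversal sequence, or an embedded NUL byte).
    """
    decoded = unquote(user_path)          # '%2e%2e%2f' -> '../'
    if "\x00" in decoded:                 # NUL truncates paths in C-backed file APIs
        return None
    base = os.path.realpath(base_dir)
    # os.path.join discards base when decoded is absolute, so an absolute
    # input lands outside base and fails the containment check below.
    candidate = os.path.realpath(os.path.join(base, decoded))
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


def demo():
    """Run the check over constructed inputs against a temporary image directory."""
    base = tempfile.mkdtemp(prefix="images-")   # hypothetical image folder
    inputs = [
        "banners/logo.png",        # legitimate relative path
        "../../etc/passwd",        # plain traversal
        "..%2F..%2Fetc%2Fpasswd",  # URL-encoded traversal
        "/etc/passwd",             # absolute path
        "logo.png\x00.jpg",        # NUL byte
    ]
    return {p: resolve_inside(base, p) for p in inputs}


if __name__ == "__main__":
    for path, result in demo().items():
        print(f"{path!r:28} -> {'allowed ' + result if result else 'rejected'}")
```

The comparison uses `base + os.sep` rather than a bare prefix test so that a sibling directory whose name merely begins with the base name (for example `images-old` beside `images`) is not accepted. Decoding happens before canonicalisation because the check must see the same bytes the file system will.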
7) Information disclosure (CVE-ID: N/A)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists because the global configuration page does not remove secrets from its HTML output. A remote user can gain unauthorized access to sensitive information.
Remediation
Install the update from the vendor's website.
References
- https://developer.joomla.org/security-centre/828-20201101-core-com-finder-ignores-access-levels-on-autosuggest.html
- https://developer.joomla.org/security-centre/834-20201107-core-write-acl-violation-in-multiple-core-views.html
- https://developer.joomla.org/security-centre/833-20201106-core-csrf-in-com-privacy-emailexport-feature.html
- https://developer.joomla.org/security-centre/832-20201105-core-user-enumeration-in-backend-login.html
- https://developer.joomla.org/security-centre/831-20201104-core-sql-injection-in-com-users-list-view.html
- https://developer.joomla.org/security-centre/830-20201103-core-path-traversal-in-mod-random-image.html
- https://developer.joomla.org/security-centre/829-20201102-core-disclosure-of-secrets-in-global-configuration-page.html