
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN411
_____________________________________________________________________

DATE                : 17/07/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Joomla! Core versions prior to 3.9.20.

=====================================================================
https://developer.joomla.org/security-centre/823-20200706-core-system-information-screen-could-expose-redis-or-proxy-credentials.html
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/u2g0mxhpOcw/822-20200705-core-escape-mod-random-image-link.html
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/gNyOaDMn0nk/821-20200704-core-variable-tampering-via-user-table-class.html
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/u1AquQjC25A/820-20200703-core-csrf-in-com-privacy-remove-request-feature.html
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/rbK7oHOEB5E/819-20200702-core-missing-checks-can-lead-to-a-broken-usergroups-table-record.html
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/QK86-YKzo9g/818-20200701-core-csrf-in-com-installer-ajax-install-endpoint.html
_____________________________________________________________________

[20200706] - Core - System Information screen could expose redis or
proxy credentials

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Low
  * Severity: Low
  * Versions: 3.0.0-3.9.19
  * Exploit type: Information Disclosure
  * Reported Date: 2020-Jun-17
  * Fixed Date: 2020-July-14
  * CVE Number: CVE-2020-15698

Description

Inadequate filtering in the system information screen could expose Redis
or proxy credentials.
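The defensive counterpart of this finding is to redact credentials before a diagnostics page renders configuration values. The following is an added example written for this note, not Joomla's own code: it masks the password component of URL-style connection strings and removes any setting whose key name looks credential-bearing. The settings array and its key names (session_redis_server, proxy_host, and so on) are constructed for illustration, not Joomla's actual configuration keys.

```php
<?php
// Added example (not Joomla's own code): masking the password component of
// connection strings before they are rendered on a diagnostics page such as
// a system-information screen. The settings array below is constructed; the
// key names (session_redis_server, proxy_host, ...) are illustrative only.

/** Replace the password in a URL-style DSN (scheme://user:pass@host:port/path) with a fixed mask. */
function maskDsnPassword(string $dsn): string
{
    $parts = parse_url($dsn);
    if ($parts === false || !isset($parts['pass'])) {
        return $dsn; // not a parseable URL, or no password component to hide
    }
    $out  = isset($parts['scheme']) ? $parts['scheme'] . '://' : '';
    $out .= isset($parts['user']) ? $parts['user'] . ':' : '';
    $out .= '********'; // fixed-length mask, so the output does not reveal the password length
    $out .= '@' . ($parts['host'] ?? '');
    $out .= isset($parts['port']) ? ':' . $parts['port'] : '';
    $out .= $parts['path'] ?? '';
    $out .= isset($parts['query']) ? '?' . $parts['query'] : '';
    return $out;
}

/**
 * Build the copy of $config that is safe to show on a diagnostics screen:
 * keys whose name matches the deny-list are replaced entirely, and every
 * string value is passed through the DSN masker in case a credential is
 * embedded in a connection string rather than stored under its own key.
 */
function redactForDisplay(array $config): array
{
    $sensitive = '/(pass(word)?|secret|auth|token|key)/i';
    $safe = [];
    foreach ($config as $key => $value) {
        if (preg_match($sensitive, (string) $key)) {
            $safe[$key] = '[REDACTED]';
        } elseif (is_string($value)) {
            $safe[$key] = maskDsnPassword($value);
        } else {
            $safe[$key] = $value;
        }
    }
    return $safe;
}

// Constructed settings, in the shape such a screen might dump them.
$config = [
    'session_handler'      => 'redis',
    'session_redis_server' => 'redis://cache:s3cr3t-redis@10.0.0.5:6379/0',
    'session_redis_auth'   => 's3cr3t-redis',
    'proxy_enable'         => true,
    'proxy_host'           => 'http://svc:Pr0xyP4ss@proxy.example.internal:3128',
    'sitename'             => 'Example site',
];

foreach (redactForDisplay($config) as $key => $value) {
    // Escape on output as well: the screen renders HTML and config text is user-controlled.
    $shown = is_bool($value) ? var_export($value, true) : (string) $value;
    printf("%s = %s\n",
        htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($shown, ENT_QUOTES, 'UTF-8'));
}
```

Run it with `php redact.php`: the Redis DSN and the proxy URL keep their host, port and database path (the information an administrator needs for troubleshooting) while both passwords are masked, and the standalone `session_redis_auth` entry is removed by key name. The key-name deny-list is deliberately broad; a false positive only hides a harmless value, whereas a miss leaks a secret.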


Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.19


Solution

Upgrade to version 3.9.20


Contact

The JSST at the Joomla! Security Centre.

Reported By: Phil Taylor

_____________________________________________________________________

[20200705] - Core - Escape mod_random_image link

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Low
  * Severity: Low
  * Versions: 3.0.0-3.9.19
  * Exploit type: XSS
  * Reported Date: 2020-Jun-08
  * Fixed Date: 2020-July-14
  * CVE Number: CVE-2020-15696

Description

Lack of input filtering and escaping allows XSS attacks in
mod_random_image.


Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.19


Solution

Upgrade to version 3.9.20


Contact

The JSST at the Joomla! Security Centre.

Reported By: Phil Taylor

_____________________________________________________________________


[20200704] - Core - Variable tampering via user table class

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Low
  * Severity: Low
  * Versions: 3.0.0-3.9.19
  * Exploit type: Incorrect Access Control
  * Reported Date: 2020-Jun-02
  * Fixed Date: 2020-July-14
  * CVE Number: CVE-2020-15697

Description

Internal read-only fields in the User table class could be modified by
users.


Affected Installs

Joomla! CMS versions 3.9.0 - 3.9.19


Solution

Upgrade to version 3.9.20


Contact

The JSST at the Joomla! Security Centre.

Reported By: Phil Taylor

_____________________________________________________________________


[20200703] - Core - CSRF in com_privacy remove-request feature

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Low
  * Severity: Low
  * Versions: 3.9.0-3.9.19
  * Exploit type: CSRF
  * Reported Date: 2020-May-07
  * Fixed Date: 2020-July-14
  * CVE Number: CVE-2020-15695

Description

A missing token check in the remove request section of com_privacy
causes a CSRF vulnerability.


Affected Installs

Joomla! CMS versions 3.9.0 - 3.9.19


Solution

Upgrade to version 3.9.20


Contact

The JSST at the Joomla! Security Centre.

Reported By: Bui Duc Anh Khoa from Viettel Cyber Security

_____________________________________________________________________


[20200702] - Core - Missing checks can lead to a broken usergroups table
record

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Moderate
  * Severity: Low
  * Versions: 2.5.0-3.9.19
  * Exploit type: Incorrect Access Control
  * Reported Date: 2020-April-04
  * Fixed Date: 2020-July-14
  * CVE Number: CVE-2020-15699

Description

Missing validation checks in the usergroups table object can result in a
broken site configuration.


Affected Installs

Joomla! CMS versions 2.5.0 - 3.9.19


Solution

Upgrade to version 3.9.20


Contact

The JSST at the Joomla! Security Centre.

Reported By: Hoang Kien from VSEC

_____________________________________________________________________


[20200701] - Core - CSRF in com_installer ajax_install endpoint

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Low
  * Severity: Low
  * Versions: 3.7.0-3.9.19
  * Exploit type: CSRF
  * Reported Date: 2020-May-07
  * Fixed Date: 2020-July-14
  * CVE Number: CVE-2020-XXXXX

Description

A missing token check in the ajax_install endpoint of com_installer causes
a CSRF vulnerability.
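Both CSRF entries in this note ([20200703] in com_privacy and [20200701] in com_installer) share the same root cause: a state-changing request handled without verifying a per-session anti-CSRF token. The following is an added example written for this note, not Joomla's own code: a self-contained token scheme with the unchecked handler beside its hardened form. In a real Joomla 3 extension one would not hand-roll this; the framework emits the hidden field with `JHtml::_('form.token')` and verifies it with `JSession::checkToken()`. The `$session` array and the remove-request store below are constructed stand-ins.

```php
<?php
// Added example (not Joomla's own code): a minimal anti-CSRF token scheme of
// the kind any state-changing endpoint needs. In Joomla 3 the framework
// provides this via JHtml::_('form.token') and JSession::checkToken(); the
// $session array below stands in for the server-side session store.

/** Create (once per session) and return the per-session anti-CSRF token. */
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        // 32 CSPRNG bytes, hex-encoded: a third-party site cannot guess or read it.
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Hidden input to embed in every form that performs a state change. */
function csrfField(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Verify the token carried by a request. hash_equals() compares in constant
 * time, so the comparison does not leak how many leading characters matched.
 */
function csrfTokenValid(array $session, array $request): bool
{
    if (empty($session['csrf_token']) || !isset($request['csrf_token'])) {
        return false;
    }
    return hash_equals($session['csrf_token'], (string) $request['csrf_token']);
}

/**
 * Vulnerable pattern: acts on any POST that names a request id. A page on
 * another origin can auto-submit such a form and the browser attaches the
 * victim's session cookie, so the action runs with the victim's privileges.
 */
function removeRequestUnchecked(array $request, array &$requests): bool
{
    $id = (int) ($request['id'] ?? 0);
    if (!isset($requests[$id])) {
        return false;
    }
    unset($requests[$id]);
    return true;
}

/** Hardened pattern: refuse the action unless the request token matches the session. */
function removeRequestChecked(array $session, array $request, array &$requests): bool
{
    if (!csrfTokenValid($session, $request)) {
        // Joomla equivalent: JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
        return false;
    }
    return removeRequestUnchecked($request, $requests);
}

// Constructed demonstration data.
$session  = [];
$requests = [7 => 'privacy removal request #7'];
$token    = csrfToken($session);

// A cross-site request carries the victim's cookies but cannot include the token.
$forged = ['id' => 7];
$legit  = ['id' => 7, 'csrf_token' => $token];

echo csrfField($session), "\n";
var_dump(removeRequestChecked($session, $forged, $requests)); // rejected, request still present
var_dump(removeRequestChecked($session, $legit, $requests));  // accepted, request removed
var_dump($requests);
```

The point to check when reviewing any controller action: every handler that changes state (deleting a record, installing an extension, changing a setting) must verify the token before touching data, and the check must apply to AJAX endpoints exactly as it does to ordinary form posts, since the browser sends the session cookie with both.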


Affected Installs

Joomla! CMS versions 3.7.0 - 3.9.19


Solution

Upgrade to version 3.9.20


Contact

The JSST at the Joomla! Security Centre.

Reported By: Bui Duc Anh Khoa from Viettel Cyber Security


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================



