=====================================================================
                            CERT-Renater

                  Information Note No. 2021/VULN421
_____________________________________________________________________

DATE                 : 25/08/2021

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Joomla! versions prior to 4.0.1.

=====================================================================
https://developer.joomla.org/security-centre/861-20210801-core-insufficient-access-control-for-com-media-deletion-endpoint
_____________________________________________________________________

[20210801] - Core - Insufficient access control for com_media deletion endpoint

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: High
Versions: 4.0.0
Exploit type: Incorrect Access Control
Reported Date: 2021-08-20
Fixed Date: 2021-08-24
CVE Number: CVE-2021-26040

Description

The media manager does not correctly check the user's permissions
before executing a file deletion command.

Affected Installs

Joomla! CMS versions 4.0.0

Solution

Upgrade to version 4.0.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: Maverick

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================