x====================================================================== CERT-Renater Note d'Information No. 2024/VULN332 _____________________________________________________________________ DATE : 23/08/2024 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Joomla! versions prior to 4.4.7, 5.1.3. ===================================================================== https://developer.joomla.org/security-centre/941-20240801-core-inadequate-validation-of-internal-urls.html https://developer.joomla.org/security-centre/942-20240802-core-cache-poisoning-in-pagination.html https://developer.joomla.org/security-centre/944-20240803-core-xss-in-html-mail-templates.html https://developer.joomla.org/security-centre/945-20240804-core-improper-acl-for-backend-profile-view.html _____________________________________________________________________ Security Announcements [20240801] - Core - Inadequate validation of internal URLs Project: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 3.4.6-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2 Exploit type: Open redirect Reported Date: 2024-03-20 Fixed Date: 2024-08-20 CVE Number: CVE-2024-27184 Description Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not. Affected Installs Joomla! CMS versions 3.4.6-3.10.16-elts,4.0.0-4.4.6, 5.0.0-5.1.2 Solution Upgrade to version 3.10.17-elts, 4.4.7 or 5.1.3 Contact The JSST at the Joomla! Security Centre. Reported By: Gareth Heyes (PortSwigger Research) & Teodor Ivanov _____________________________________________________________________ Security Announcements [20240802] - Core - Cache Poisoning in Pagination Project: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 3.0.0-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2 Exploit type: Cache Poisoning Reported Date: 2024-05-23 Fixed Date: 2024-08-20 CVE Number: CVE-2024-27185 Description The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors. Affected Installs Joomla! CMS versions 3.0.0-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2 Solution Upgrade to version 3.10.17-elts, 4.4.7 or 5.1.3 Contact The JSST at the Joomla! Security Centre. Reported By: Shane Edwards _____________________________________________________________________ Security Announcements [20240803] - Core - XSS in HTML Mail Templates Project: Joomla! SubProject: CMS Impact: Moderate Severity: Moderate Probability: Moderate Versions: 4.0.0-4.4.6, 5.0.0-5.1.2 Exploit type: XSS Reported Date: 2024-07-22 Fixed Date: 2024-08-20 CVE Number: CVE-2024-27186 Description The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions. Affected Installs Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2 Solution Upgrade to version 4.4.7 or 5.1.3 Contact The JSST at the Joomla! Security Centre. Reported By: Elysee Franchuk _____________________________________________________________________ Security Announcements [20240804] - Core - Improper ACL for backend profile view Project: Joomla! SubProject: CMS Impact: Low Severity: Moderate Probability: Low Versions: 4.0.0-4.4.6, 5.0.0-5.1.2 Exploit type: XSS Reported Date: 2024-07-22 Fixed Date: 2024-08-20 CVE Number: CVE-2024-27187 Description Improper Access Controls allows backend users to overwrite their username when disallowed. Affected Installs Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2 Solution Upgrade to version 4.4.7 or 5.1.3 Contact The JSST at the Joomla! Security Centre. Reported By: Elysee Franchuk ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================