Description

An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.

Remediation

References

CVE-2021-23128

Related Vulnerabilities

WordPress Plugin Sticky Menu on Scroll, Sticky Header, Sticky Welcome Bar for Any Theme-myStickymenu Unspecified Vulnerability (2.1.4)

WordPress Plugin WordPress Poll Multiple SQL Injection and Security Bypass Vulnerabilities (34.04)

WordPress Plugin Broadcast Live Video-Live Streaming:HTML5, WebRTC, HLS, RTSP, RTMP Multiple Cross-Site Scripting Vulnerabilities (4.29.6)

WordPress Plugin Roomcloud Multiple Cross-Site Scripting Vulnerabilities (1.1)

SharePoint Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2816)

Severity

Critical

Classification

CVE-2021-23128 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities