| Vulnerability Name: | CVE-2020-15695 (CCN-185349) |
| Assigned: | 2020-05-07 |
| Published: | 2020-05-07 |
| Updated: | 2020-07-15 |
| Summary: | An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.
|
| CVSS v3 Severity: | 6.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
5.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low |
4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): Low
Availibility (A): None |
|
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None |
|
| Vulnerability Type: | CWE-352
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2020-15695
Source: CCN
Type: Joomla! Developers Web site
Core - CSRF in com_privacy remove-request feature
Source: MISC
Type: Vendor Advisory
https://developer.joomla.org/security-centre/820-20200703-core-csrf-in-com-privacy-remove-request-feature.html
Source: XF
Type: UNKNOWN
joomla-cve202015695-csrf(185349)
Source: CCN
Type: Joomla Web site
Joomla
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:joomla:joomla!:*:*:*:*:*:*:*:* (Version >= 3.9.0 and <= 3.9.19)
Configuration CCN 1:
cpe:/a:joomla:joomla!:3.4.4:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.6.3:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.7.0:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.7.3:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.1:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.2.0:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.1:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.5:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.11:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.13:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.0.0:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.0.1:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.0.2:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.0.3:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.0.4:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.1.0:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.1.1:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.1.2:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.1.3:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.1.4:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.1.5:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.1.6:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.2.1:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.2.2:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.2.3:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.2.4:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.2.5:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.2.6:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.2.7:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.3.0:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.3.1:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.3.2:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.3.3:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.3.4:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.3.5:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.3.6:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.4.0:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.4.1:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.4.2:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.4.3:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.4.5:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.4.6:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.4.7:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.4.8:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.5.0:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.5.1:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.6.0:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.6.1:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.6.2:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.6.4:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.6.5:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.7.1:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.7.2:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.7.4:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.7.5:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.0:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.2:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.3:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.4:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.5:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.6:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.7:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.8:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.9:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.10:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.11:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.12:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.8.13:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.0:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.2:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.3:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.4:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.6:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.7:-:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.8:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.9:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.10:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.12:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.14:*:*:*:*:*:*:*OR cpe:/a:joomla:joomla!:3.9.19:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |