exploitDog

CVE-2021-23128

Опубликовано: 04 мар. 2021

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Версия от 3.2.0 (включая) до 3.9.25 (исключая)

EPSS

Процентиль: 1%

0.00009

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-7h2v-2fwm-pjjh

github

больше 3 лет назад

An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.

EPSS

Процентиль: 1%

0.00009

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo