CVE-2021-23128 Vulnerability Details


CVE-2021-23128 Metadata Quick Info

CVE Published: 04/03/2021 | CVE Updated: 17/09/2024 | CVE Year: 2021
Source: Joomla | Vendor: Joomla! Project | Product: Joomla! CMS
Status: PUBLISHED

CVE-2021-23128 Description

An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used a potentially insecure implementation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Insecure Randomness
Source: Joomla! Project

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: