CVE-2020-35616

7.5 HIGH

📋 TL;DR

This vulnerability in Joomla! allows authenticated users to bypass write access controls (ACL) because input is insufficiently validated when ACL rulesets are handled. An attacker who already holds an account with some level of access can perform write operations that the account is not permitted to perform. It affects all Joomla! installations from version 1.7.0 through 3.9.22.

💻 Affected Systems

Products:
  • Joomla!
Versions: 1.7.0 through 3.9.22
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Joomla! installations within the affected version range are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Privileged authenticated users could modify critical system settings, inject malicious content, or escalate privileges to administrative levels, potentially leading to complete system compromise.

🟠 Likely Case

Authenticated users with limited permissions could modify content or settings beyond their intended access level, potentially defacing websites or altering configuration.

🟢 If Mitigated

With proper network segmentation and minimal user privileges, impact would be limited to specific application components rather than full system compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is relatively straightforward once authentication is achieved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.9.23

Vendor Advisory: https://developer.joomla.org/security-centre/834-20201107-core-write-acl-violation-in-multiple-core-views.html

Restart Required: No

Instructions:

1. Back up your Joomla! installation and database.
2. Download Joomla! 3.9.23 or later from the official website.
3. Replace all core Joomla! files with the updated version.
4. Clear the Joomla! cache.
5. Verify functionality.

🔧 Temporary Workarounds

Restrict User Permissions (applies to: all affected versions)

Temporarily reduce user permissions to the minimum required levels to limit the potential damage from exploitation.

🧯 If You Can't Patch

  • Implement strict network access controls to limit Joomla! administration interface access to trusted IP addresses only.
  • Enable detailed logging and monitoring for unusual write operations or permission changes.

🔍 How to Verify

Check if Vulnerable:

Check the Joomla! version in the administrator panel, or examine the includes/version.php file for the version number.

Check Version:

php -r "include 'includes/version.php'; echo JVERSION;"

Verify Fix Applied:

Verify that the version is 3.9.23 or later, and confirm with test users that ACL restrictions are enforced as configured.
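The version check above can be scripted so it is repeatable across many installs. The following is an added example, not code from the advisory or from the Joomla! project: it reads the version either from a version string or from the text of Joomla's version source file and compares it against the affected range 1.7.0 through 3.9.22. The two PHP constant layouts it recognises (MAJOR_VERSION/MINOR_VERSION/PATCH_VERSION, and the older RELEASE/DEV_LEVEL pair) and the candidate file paths under the site root are assumptions about Joomla 3.x layouts; the sample PHP snippets are constructed here, not copied from an install.

```python
"""Assess a Joomla! install against the CVE-2020-35616 affected range.

Added example (not from the advisory or the Joomla! project). The PHP
constant layouts and file paths below are assumptions about Joomla 3.x;
SAMPLE_* snippets are constructed for illustration.
"""
import re
import sys
from pathlib import Path

AFFECTED_MIN = (1, 7, 0)    # first affected release per the advisory
AFFECTED_MAX = (3, 9, 22)   # last affected release per the advisory
FIXED = (3, 9, 23)          # first fixed release

# Assumed candidate locations of the version file, relative to the site root.
VERSION_FILES = ("libraries/src/Version.php", "libraries/cms/version/version.php")

# Constructed sample of the newer constant layout (assumed, 3.8+ style).
SAMPLE_NEW = """
final class Version
{
    const PRODUCT = 'Joomla!';
    const MAJOR_VERSION = 3;
    const MINOR_VERSION = 9;
    const PATCH_VERSION = 22;
    const EXTRA_VERSION = '';
}
"""

# Constructed sample of the older constant layout (assumed, early-3.x style).
SAMPLE_OLD = """
final class JVersion
{
    const RELEASE = '3.7';
    const DEV_LEVEL = '5';
}
"""


def parse_version(text: str) -> tuple:
    """Turn '3.9.22' (a trailing suffix such as '-dev' is ignored) into a tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def version_from_php_source(src: str) -> str:
    """Extract the version from the text of Joomla's version class file."""
    consts = dict(re.findall(r"const\s+(\w+)\s*=\s*['\"]?([\w.]+)['\"]?\s*;", src))
    if {"MAJOR_VERSION", "MINOR_VERSION", "PATCH_VERSION"} <= consts.keys():
        return "{MAJOR_VERSION}.{MINOR_VERSION}.{PATCH_VERSION}".format(**consts)
    if {"RELEASE", "DEV_LEVEL"} <= consts.keys():
        return "{RELEASE}.{DEV_LEVEL}".format(**consts)
    raise ValueError("no recognised version constants found")


def assess(version_str: str) -> dict:
    """Report whether a version string falls inside the affected range."""
    v = parse_version(version_str)
    affected = AFFECTED_MIN <= v <= AFFECTED_MAX
    return {
        "version": version_str.strip(),
        "affected": affected,
        "action": "upgrade to 3.9.23 or later" if affected else "not affected by this CVE",
    }


def assess_install(root: str) -> dict:
    """Find the version file under a site root (assumed paths) and assess it."""
    for rel in VERSION_FILES:
        path = Path(root) / rel
        if path.is_file():
            src = path.read_text(encoding="utf-8", errors="replace")
            return assess(version_from_php_source(src))
    raise FileNotFoundError(f"no version file found under {root}")


if __name__ == "__main__":
    # Usage: python joomla_version_check.py /var/www/joomla
    if len(sys.argv) > 1:
        print(assess_install(sys.argv[1]))
    else:
        print(assess(version_from_php_source(SAMPLE_NEW)))
        print(assess(version_from_php_source(SAMPLE_OLD)))
```

The range comparison is done on integer tuples rather than on strings, so 3.10.x correctly sorts after 3.9.23 and is reported as not affected; a string comparison would get that wrong.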

📡 Detection & Monitoring

Log Indicators:

  • Unusual write operations by non-admin users
  • Permission changes in ACL logs
  • Failed access control events

Network Indicators:

  • HTTP POST requests to admin endpoints from unauthorized users

SIEM Query:

source="joomla_logs" AND (event_type="write_operation" AND user_role!="admin")
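The SIEM query above encodes one rule: a write operation by a user whose role is not admin. The following is an added example, not code from the advisory or from Joomla!, that applies the same rule plus the ACL-change indicator from the log list to a stream of JSON log lines, assigns a severity, and tallies hits per user so a single account performing many out-of-role writes stands out. The field names (ts, user, role, event_type, target), the role and component names, and the sample events are all constructed here; map them onto whatever your Joomla! audit or web-server logs actually contain.

```python
"""Flag the CVE-2020-35616 log indicators in JSON-lines audit events.

Added example (not from the advisory or Joomla!). The event schema, role
names, component names and SAMPLE_LOG are constructed for illustration.
"""
import json
from collections import Counter
from typing import Optional

ADMIN_ROLES = {"admin", "super_user"}          # roles allowed to write anywhere
SENSITIVE_TARGETS = {"com_config", "com_users"}  # writes here by non-admins are high severity

# Constructed sample log; the last line is deliberately malformed.
SAMPLE_LOG = """\
{"ts": "2020-11-08T10:00:01Z", "user": "alice", "role": "admin", "event_type": "write_operation", "target": "com_config"}
{"ts": "2020-11-08T10:00:05Z", "user": "bob", "role": "author", "event_type": "read", "target": "com_content"}
{"ts": "2020-11-08T10:00:09Z", "user": "bob", "role": "author", "event_type": "write_operation", "target": "com_config"}
{"ts": "2020-11-08T10:00:12Z", "user": "bob", "role": "author", "event_type": "acl_change", "target": "com_users"}
{"ts": "2020-11-08T10:00:20Z", "user": "carol", "role": "editor", "event_type": "write_operation", "target": "com_content"}
not json at all
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one JSON log line; return None for lines that are not valid JSON."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def classify(event: dict) -> Optional[tuple]:
    """Return (severity, reason) if the event matches an indicator, else None."""
    etype = event.get("event_type")
    role = event.get("role", "")
    target = event.get("target", "")
    if etype == "acl_change":
        return "high", "ACL/permission change"
    if etype == "write_operation" and role not in ADMIN_ROLES:
        if target in SENSITIVE_TARGETS:
            return "high", f"non-admin role '{role}' wrote to sensitive target {target}"
        return "low", f"non-admin role '{role}' wrote to {target}"
    return None


def scan(log_text: str) -> dict:
    """Apply classify() to every line and summarise hits per user."""
    hits = []
    per_user = Counter()
    skipped = 0
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            skipped += 1          # keep going; one bad line must not hide the rest
            continue
        verdict = classify(event)
        if verdict:
            severity, reason = verdict
            hits.append({"line": lineno, "user": event.get("user"),
                         "severity": severity, "reason": reason})
            per_user[event.get("user")] += 1
    return {"hits": hits, "per_user": dict(per_user), "skipped": skipped}


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for hit in result["hits"]:
        print(f"line {hit['line']}: [{hit['severity']}] {hit['user']}: {hit['reason']}")
    print("writes per flagged user:", result["per_user"], "| unparsable lines:", result["skipped"])
```

Treating every non-admin write as a hit reproduces the page's query but will be noisy on a site where editors legitimately save articles; the severity split and the per-user count are the two knobs that make the rule usable, and the allowed roles and sensitive components should be adjusted to the site's actual ACL design.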
