Joomla Security Notice :: November 6, 2019

Started by Jason, November 06, 2019, 05:06:55 PM

Jason

Joomla has emailed a security announcement. If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html

Quote: Joomla! Security News

________________________________________
[20191002] - Core - Path Disclosure in phputf8 mapping files
Posted: 05 Nov 2019 05:00 AM PST
-> Project: Joomla!
-> SubProject: CMS
-> Impact: Low
-> Severity: Low
-> Versions: 3.6.0 - 3.9.12
-> Exploit type: Path Disclosure
-> Reported Date: 2019-November-01
-> Fixed Date: 2019-November-05
-> CVE Number: CVE-2019-18674
Description
Missing access check in the phputf8 mapping files could lead to a path disclosure.
Affected Installs
Joomla! CMS versions 3.6.0 - 3.9.12
Solution
Upgrade to version 3.9.13
 

[20191001] - Core - CSRF in com_template overrides view
Posted: 05 Nov 2019 05:00 AM PST
-> Project: Joomla!
-> SubProject: CMS
-> Impact: High
-> Severity: Low
-> Versions: 3.2.0-3.9.12
-> Exploit type: CSRF
-> Reported Date: 2019-October-10
-> Fixed Date: 2019-November-05
-> CVE Number: CVE-2019-18650
Description
A missing token check in com_template causes a CSRF vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 - 3.9.12
Solution
Upgrade to version 3.9.13