Joomla Security Notice :: August 29, 2018

Started by Jason, August 30, 2018, 09:49:11 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Jason

August 30, 2018, 09:49:11 AM
Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html

QuoteJoomla! Security News

________________________________________
•    [20180803] - Core - ACL Violation in custom fields
•    [20180802] - Core - Stored XSS vulnerability in the frontend profile
•    [20180801] - Core - Hardening the InputFilter for PHAR stubs
[20180803] - Core - ACL Violation in custom fields
Posted: 26 Aug 2018 06:45 AM PDT
-- Project: Joomla!
-- SubProject: CMS
-- Impact: Low
-- Severity: Low
-- Versions: 3.7.0 through 3.8.11
-- Exploit type: ACL Violation
-- Reported Date: 2018-July-10
-- Fixed Date: 2018-August-28
-- CVE Number: CVE-2018-15881
Description
Inadequate checks regarding disabled fields can lead to an ACL violation.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.8.11
Solution
Upgrade to version 3.8.12
Contact
The JSST at the Joomla! Security Centre.
Reported By: Elisa Foltyn, COOLCAT CREATIONS
 
 

[20180802] - Core - Stored XSS vulnerability in the frontend profile
Posted: 26 Aug 2018 06:45 AM PDT
-- Project: Joomla!
-- SubProject: CMS
-- Impact: Low
-- Severity: Low
-- Versions: 1.5.0 through 3.8.11
-- Exploit type: XSS
-- Reported Date: 2018-July-10
-- Fixed Date: 2018-August-28
-- CVE Number: CVE-2018-15880
Description
Inadequate output filtering on the user profile page could lead to a stored XSS attack.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.11
Solution
Upgrade to version 3.8.12
Contact
The JSST at the Joomla! Security Centre.
Reported By: Roland Dalmulder, Perfect Web Team
 
 

[20180801] - Core - Hardening the InputFilter for PHAR stubs
Posted: 26 Aug 2018 06:45 AM PDT
-- Project: Joomla!
-- SubProject: CMS
-- Impact: High
-- Severity: Low
-- Versions: 1.5.0 through 3.8.11
-- Exploit type: Malicious file upload
-- Reported Date: 2018-August-23
-- Fixed Date: 2018-August-28
-- CVE Number: CVE-2018-15882
Description
Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.11
Solution
Upgrade to version 3.8.12
Contact
The JSST at the Joomla! Security Centre.
Reported By: Davide Tampellini
 
Print
Go Up Pages1
User actions