Joomla Security Notice :: April 22, 2020

Started by Jason, April 25, 2020, 03:36:15 pm

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Jason

Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html

QuoteJoomla! Security News

________________________________________
> [20200403] - Core - Incorrect access control in com_users access level deletion function
> [20200402] - Core - Missing checks for the root usergroup in usergroup table
> [20200401] - Core - Incorrect access control in com_users access level editing function
[20200403] - Core - Incorrect access control in com_users access level deletion function
Posted: 21 Apr 2020 06:00 AM PDT
> Project: Joomla!
> SubProject: CMS
> Impact: Moderate
> Severity: Low
> Versions: 2.5.0 - 3.9.16
> Exploit type: Incorrect Access Control
> Reported Date: 2020-March-13
> Fixed Date: 2020-April-21
> CVE Number: CVE-2020-11889
Description
Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.16
Solution
Upgrade to version 3.9.17
Contact
The JSST at the Joomla! Security Centre.
Reported By: Hoang Kien from VSEC
 
 

[20200402] - Core - Missing checks for the root usergroup in usergroup table
Posted: 21 Apr 2020 06:00 AM PDT
> Project: Joomla!
> SubProject: CMS
> Impact: Moderate
> Severity: Low
> Versions: 2.5.0 - 3.9.16
> Exploit type: Incorrect Access Control
> Reported Date: 2020-February-27
> Fixed Date: 2020-April-21
> CVE Number: CVE-2020-11890
Description
Inproper input validations in the usergroup table class could lead to a broken ACL configuration.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.16
Solution
Upgrade to version 3.9.17
Contact
The JSST at the Joomla! Security Centre.
Reported By: Hoang Kien from VSEC
 
 

[20200401] - Core - Incorrect access control in com_users access level editing function
Posted: 21 Apr 2020 06:00 AM PDT
> Project: Joomla!
> SubProject: CMS
> Impact: Low
> Severity: Low
> Versions: 3.8.8 - 3.9.16
> Exploit type: Incorrect Access Control
> Reported Date: 2020-March-13
> Fixed Date: 2020-April-21
> CVE Number: CVE-2020-11891
Description
Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.
Affected Installs
Joomla! CMS versions 3.8.8 - 3.9.16
Solution
Upgrade to version 3.9.17
Contact
The JSST at the Joomla! Security Centre.
Reported By: Hoang Kien from VSEC