Joomla Security Notice :: August 26, 2020

Started by Jason, August 27, 2020, 12:28:51 pm

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Jason

Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html

QuoteJoomla! Security News
________________________________________
•   [20200802] - Core - Open redirect in com_content vote feature
•   [20200803] - Core - Directory traversal in com_media
•   [20200801] - Core - XSS in mod_latestactions
[20200802] - Core - Open redirect in com_content vote feature
Posted: 25 Aug 2020 06:00 AM PDT
> Project: Joomla!
> SubProject: CMS
> Impact: Low
> Severity: Low
> Versions: 3.0.0-3.9.20
> Exploit type: Open Redirect
> Reported Date: 2020-July-05
> Fixed Date: 2020-August-25
> CVE Number: CVE-2020-24598
Description
Lack of input validation in com_content leads to an open redirect.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.20
Solution
Upgrade to version 3.9.21
Contact
The JSST at the Joomla! Security Centre.
Reported By: Ahmad Kamaran Jamil
 
 
[20200803] - Core - Directory traversal in com_media
Posted: 25 Aug 2020 06:00 AM PDT
> Project: Joomla!
> SubProject: CMS
> Impact: Low
> Severity: Low
> Versions: 2.5.0-3.9.20
> Exploit type: Directory Traversal
> Reported Date: 2020-February-02
> Fixed Date: 2020-August-25
> CVE Number: CVE-2020-24597
Description
Lack of input validation allows com_media root paths outside of the webroot.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.20
Solution
Upgrade to version 3.9.21
Contact
The JSST at the Joomla! Security Centre.
Reported By: Hoang Kien from VSEC
 
 
[20200801] - Core - XSS in mod_latestactions
Posted: 25 Aug 2020 06:00 AM PDT
> Project: Joomla!
> SubProject: CMS
> Impact: Moderate
> Severity: Low
> Versions: 3.9.0-3.9.20
> Exploit type: XSS
> Reported Date: 2020-August-21
> Fixed Date: 2020-August-25
> CVE Number: CVE-2020-24599
Description
Lack of escaping in mod_latestactions allows XSS attacks.
Affected Installs
Joomla! CMS versions 3.9.0 - 3.9.20
Solution
Upgrade to version 3.9.21
Contact
The JSST at the Joomla! Security Centre.
Reported By: Peter Martin