ESB-2019.0826 - [Win][UNIX/Linux] Joomla!: Multiple vulnerabilities 2019-03-14


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0826
                         Joomla! security updates
                               14 March 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Joomla!
Publisher:         Joomla!
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Unauthorised Access  -- Remote/Unauthenticated
                   Cross-site Scripting -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-9714 CVE-2019-9713 CVE-2019-9712
                   CVE-2019-9711

Original Bulletin: 
   https://developer.joomla.org/security-centre/

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Announcements

[20190304] - Core - Missing ACL check in sample data plugins

Posted: 12 Mar 2019 08:00 AM PDT

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: High
Versions: 3.8.0 through 3.9.3
Exploit type: XSS
Reported Date: 2019-February-28
Fixed Date: 2019-March-12
CVE Number: CVE-2019-9713

Description

The sample data plugins lack ACL checks, allowing unauthorized access.

Affected Installs

Joomla! CMS versions 3.8.0 through 3.9.3

Solution

Upgrade to version 3.9.4

Contact

The JSST at the Joomla! Security Centre.
Reported By: Sven Hurt, Benjamin Trenkle


[20190303] - Core - XSS in media form field

Posted: 12 Mar 2019 08:00 AM PDT

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0 through 3.9.3
Exploit type: XSS
Reported Date: 2019-February-25
Fixed Date: 2019-March-12
CVE Number: CVE-2019-9714

Description

The media form field lacks escaping, leading to an XSS vulnerability.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.9.3

Solution

Upgrade to version 3.9.4

Contact

The JSST at the Joomla! Security Centre.
Reported By: Fouad Maakor


[20190302] - Core - XSS in item_title layout

Posted: 12 Mar 2019 08:00 AM PDT

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0 through 3.9.3
Exploit type: XSS
Reported Date: 2019-February-25
Fixed Date: 2019-March-12
CVE Number: CVE-2019-9711

Description

The item_title layout in edit views lacks escaping, leading to an XSS
vulnerability.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.9.3

Solution

Upgrade to version 3.9.4

Contact

The JSST at the Joomla! Security Centre.
Reported By: Fouad Maakor


[20190301] - Core - XSS in com_config JSON handler

Posted: 12 Mar 2019 08:00 AM PDT

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.2.0 through 3.9.3
Exploit type: XSS
Reported Date: 2019-March-04
Fixed Date: 2019-March-12
CVE Number: CVE-2019-9712

Description

The JSON handler in com_config lacks input validation, leading to an XSS
vulnerability.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.9.3

Solution

Upgrade to version 3.9.4

Contact

The JSST at the Joomla! Security Centre.
Reported By: Mario Korth, Hackmanit

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
