-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0900
                       Joomla! Security Announcements
                               12 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Joomla core
Publisher:         Joomla
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Unknown/Unspecified
                   Cross-site Request Forgery      -- Unknown/Unspecified
                   Cross-site Scripting            -- Unknown/Unspecified
                   Unauthorised Access             -- Unknown/Unspecified
                   Reduced Security                -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-10243 CVE-2020-10242 CVE-2020-10241
                   CVE-2020-10240 CVE-2020-10239 CVE-2020-10238

Original Bulletin:
   https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters.html
   https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users.html
   https://developer.joomla.org/security-centre/806-20200305-core-incorrect-access-control-in-com-fields-sql-field.html
   https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates.html
   https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3.html
   https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions.html

Comment: This bulletin contains six (6) Joomla security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

[20200306] - Core - SQL injection in Featured Articles menu parameters

  * Project: Joomla!
  * SubProject: CMS
  * Impact: High
  * Severity: Low
  * Versions: 1.7.0-3.9.15
  * Exploit type: SQL Injection
  * Reported Date: 2020-March-9
  * Fixed Date: 2020-March-10
  * CVE Number: CVE-2020-10243

Description

The lack of type casting of a variable used in a SQL statement leads to an SQL injection vulnerability in the "Featured Articles" frontend menu type.

Affected Installs

Joomla! CMS versions 1.7.0 - 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.

Reported By: Sam Thomas, Pentest.co.uk

- --------------------------------------------------------------------------------

[20200304] - Core - Identifier collisions in com_users

  * Project: Joomla!
  * SubProject: CMS
  * Impact: High
  * Severity: Low
  * Versions: 3.0.0-3.9.15
  * Exploit type: Other
  * Reported Date: 2020-February-07
  * Fixed Date: 2020-March-10
  * CVE Number: CVE-2020-10240

Description

Missing length checks on the user table columns can lead to the creation of users with duplicate usernames and/or email addresses.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.

Reported By: Lee Thao from Viettel Cyber Security

- --------------------------------------------------------------------------------

[20200305] - Core - Incorrect Access Control in com_fields SQL field

  * Project: Joomla!
  * SubProject: CMS
  * Impact: High
  * Severity: Low
  * Versions: 3.7.0-3.9.15
  * Exploit type: Incorrect Access Control
  * Reported Date: 2020-February-28
  * Fixed Date: 2020-March-10
  * CVE Number: CVE-2020-10239

Description

Incorrect access control in the SQL field type of com_fields allows access for non-Super-Admin users.

Affected Installs

Joomla! CMS versions 3.7.0 - 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.
Reported By: HOÀNG KIÊN

- --------------------------------------------------------------------------------

[20200303] - Core - Incorrect Access Control in com_templates

  * Project: Joomla!
  * SubProject: CMS
  * Impact: High
  * Severity: Low
  * Versions: 2.5.0-3.9.15
  * Exploit type: Incorrect Access Control
  * Reported Date: 2020-January-31
  * Fixed Date: 2020-March-10
  * CVE Number: CVE-2020-10238

Description

Various actions in com_templates lack the required ACL checks, opening several potential attack vectors.

Affected Installs

Joomla! CMS versions 2.5.0 - 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.

Reported By: HOÀNG KIÊN

- --------------------------------------------------------------------------------

[20200302] - Core - XSS in Protostar and Beez3

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Moderate
  * Severity: Low
  * Versions: 3.0.0-3.9.15
  * Exploit type: XSS
  * Reported Date: 2020-February-24
  * Fixed Date: 2020-March-10
  * CVE Number: CVE-2020-10242

Description

Inadequate handling of CSS selectors in the Protostar and Beez3 template JavaScript allows XSS attacks.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.

Reported By: Pham Van Khanh

- --------------------------------------------------------------------------------

[20200301] - Core - CSRF in com_templates image actions

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Moderate
  * Severity: Low
  * Versions: 3.2.0-3.9.15
  * Exploit type: CSRF
  * Reported Date: 2020-February-06
  * Fixed Date: 2020-March-10
  * CVE Number: CVE-2020-10241

Description

Missing CSRF token checks in the image actions of com_templates cause CSRF vulnerabilities.

Affected Installs

Joomla! CMS versions 3.2.0 - 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.
Reported By: Hoàng Kiên

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXmnLYWaOgq3Tt24GAQiyaRAA2wvl4HMm2ejmw+tpDDyXdAbOtynaZX2b
z4bAFaWn3JsvQZkMs/Ej4F8u/3Y3n6AojaU6C12xJzqo6uQQiQDGWSuxz+6A28OF
eQCLrfcPCN++xeu69LKIbGGA33l88F+c1Fj2lqubZ5KENn/03MnFaLVB5iicb9Jv
80k3ij/4n+o0MuwchkeHFAhk8u2ULnOFjdC2IeazXVBM6mabp4L+dUXrSrW1RSYf
C+wNuFl37oDcC/w0T5cPEi66GlnrhRJ88n1ECqpBD/mIMOaxQgDfbHp4SMx+lZeI
DfDElLAdDQ4DgjO+hPiIdsa9RU0nEXgCqDbMn71EXXyTm7lXgeeNbPae/wmmJ9BD
FMSB1xBW+OflcYuhxHQj+nDVdI6Ag7LYbSQHEt6b75d0JqzmdHvmYwl81fIBL9y5
bW7rS3Sre+ti/g5QH8N63yfDty0VnXj7qTtN+I2t4ayNc1vDh3hMwpV2q7s+r+L6
bv+y32Kgq7iWeJiJ8osFKDyy8W+ZFBsaeH7U2180Wde/DCU9YN3rSeIxjcpjtIxT
0MV6QN9s1PyionUoz+nUA0Igt3hx4Ts5nqevAJe/2tPaMhk4dY79mofG+DuKbBmB
N0LqADBZIVGmJn/Rv07uB9mGBZX74iLQ725ACfvlH6wr25afFtww4KxaKEIE7PGZ
tu9cHfE7cqI=
=rM7i
-----END PGP SIGNATURE-----
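Editor's worked example for advisory [20200306] (CVE-2020-10243), placed after the signed bulletin so the signed text above stays intact. The advisory says the bug is a missing type cast on a value that ends up inside a SQL statement; the example below reproduces that pattern generically. It is added here and is not Joomla's code: Python with an in-memory sqlite3 database stands in for Joomla's PHP and MySQL, the `content` table and its four rows are constructed sample data, and `to_integer` is a hypothetical helper that mimics the behaviour of a PHP `(int)` cast (leading signed digits are kept, anything else becomes 0). The vulnerable builder joins the raw menu parameter straight into an `IN (...)` list; the hardened one casts every element first.

```python
import re
import sqlite3

# Constructed sample rows standing in for a content table:
# (id, title, catid, state). state 1 = published, 0 = unpublished.
SAMPLE_ARTICLES = [
    (1, "Public article", 10, 1),
    (2, "Another public article", 10, 1),
    (3, "Members-only article", 20, 1),
    (4, "Unpublished draft", 20, 0),
]


def open_db():
    """Return an in-memory database loaded with the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE content (id INTEGER, title TEXT, catid INTEGER, state INTEGER)"
    )
    db.executemany("INSERT INTO content VALUES (?, ?, ?, ?)", SAMPLE_ARTICLES)
    return db


def to_integer(value):
    """Hypothetical helper mimicking a PHP (int) cast: keep the leading
    optionally-signed digits of the string, otherwise return 0."""
    match = re.match(r"\s*[+-]?\d+", str(value))
    return int(match.group(0)) if match else 0


def featured_vulnerable(category_ids):
    """Vulnerable pattern: the raw menu parameter is interpolated into the
    IN (...) list without any casting, so a non-numeric element becomes
    part of the SQL grammar."""
    db = open_db()
    sql = (
        "SELECT id, title FROM content WHERE state = 1 AND catid IN ("
        + ", ".join(str(c) for c in category_ids)
        + ")"
    )
    return db.execute(sql).fetchall()


def featured_hardened(category_ids):
    """Hardened pattern: every element is cast to int before the list is
    built, so only digits can ever reach the SQL string. Binding the values
    as parameters would be the other standard option."""
    db = open_db()
    ids = [to_integer(c) for c in category_ids]
    sql = (
        "SELECT id, title FROM content WHERE state = 1 AND catid IN ("
        + ", ".join(str(c) for c in ids)
        + ")"
    )
    return db.execute(sql).fetchall()


if __name__ == "__main__":
    # Constructed payload: closes the IN list, appends OR 1=1 and comments
    # out the rest, which also exposes the unpublished row.
    payload = ["10) OR 1=1 --"]
    print("vulnerable:", featured_vulnerable(payload))
    print("hardened:  ", featured_hardened(payload))
```

With an honest parameter such as `["10"]` both functions return the two published articles in category 10. With the constructed payload the vulnerable builder produces `... catid IN (10) OR 1=1 --)` and returns all four rows, unpublished draft included, while the hardened builder casts the payload to `10` and returns the same two rows as the honest request.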
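Editor's worked example for advisory [20200304] (CVE-2020-10240), again placed after the signed bulletin. The advisory only states that missing length checks let duplicate usernames or email addresses be created; the mechanism modelled below is an assumption, not something the advisory spells out: a database that is not running in strict mode silently truncates an over-long value to the column width, so a uniqueness check performed on the full submitted string passes while the stored, truncated value collides with an existing row. The code is added here and is not Joomla's: Python with sqlite3 stands in for PHP and MySQL, `USERNAME_MAX = 150` is assumed (the exact width is irrelevant to the mechanism), and because sqlite3 does not truncate, the `_insert` helper performs the truncation explicitly to simulate the non-strict database. The hardened registration rejects over-long input before the uniqueness check, which is what a length check at the application layer buys you even if the database is later switched to strict mode.

```python
import sqlite3

# Assumed column width for the username column; the mechanism does not
# depend on the exact number.
USERNAME_MAX = 150


class UserStore:
    """Minimal user table with a uniqueness check done in application code."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)"
        )

    def _exists(self, username):
        row = self.db.execute(
            "SELECT 1 FROM users WHERE username = ?", (username,)
        ).fetchone()
        return row is not None

    def _insert(self, username):
        # Simulates a database without strict mode: the value is silently
        # cut to the column width instead of the INSERT being rejected.
        self.db.execute(
            "INSERT INTO users (username) VALUES (?)", (username[:USERNAME_MAX],)
        )

    def register_vulnerable(self, username):
        """Checks uniqueness on the full string, then stores the truncated one."""
        if self._exists(username):
            raise ValueError("username taken")
        self._insert(username)

    def register_hardened(self, username):
        """Rejects anything wider than the column before the uniqueness check,
        so the checked value and the stored value are always identical."""
        if len(username) > USERNAME_MAX:
            raise ValueError("username too long")
        if self._exists(username):
            raise ValueError("username taken")
        self._insert(username)

    def count(self, username):
        return self.db.execute(
            "SELECT COUNT(*) FROM users WHERE username = ?", (username,)
        ).fetchone()[0]


# Constructed victim name that exactly fills the column.
VICTIM = "a" * USERNAME_MAX


def duplicates_vulnerable():
    """Register the victim, then a name that only differs past the column
    width. Returns how many rows now carry the victim's username."""
    store = UserStore()
    store.register_vulnerable(VICTIM)
    store.register_vulnerable(VICTIM + "-attacker")  # passes the check, truncates on insert
    return store.count(VICTIM)


def duplicates_hardened():
    """Same sequence against the hardened registration. Returns the row count
    and whether the over-long registration was rejected."""
    store = UserStore()
    store.register_hardened(VICTIM)
    try:
        store.register_hardened(VICTIM + "-attacker")
        rejected = False
    except ValueError:
        rejected = True
    return store.count(VICTIM), rejected


if __name__ == "__main__":
    print("vulnerable rows with victim's name:", duplicates_vulnerable())
    print("hardened (rows, rejected):", duplicates_hardened())
```

The vulnerable flow ends with two rows holding the same username, exactly the identifier collision the advisory describes; any later lookup by username (login, password reset, email routing) is now ambiguous. The hardened flow keeps one row and rejects the second request. An equivalent check belongs on the email column, and the database should additionally be run in strict mode so that truncation can never happen silently.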