Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2433 Joomla! CMS July security updates 16 July 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Joomla! Core Publisher: Joomla project Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Cross-site Scripting -- Remote with User Interaction Cross-site Request Forgery -- Existing Account Denial of Service -- Unknown/Unspecified Access Confidential Data -- Existing Account Unauthorised Access -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-15699 CVE-2020-15698 CVE-2020-15697 CVE-2020-15696 CVE-2020-15695 CVE-2020-13760 Original Bulletin: https://developer.joomla.org/security-centre/ - --------------------------BEGIN INCLUDED TEXT-------------------- [20200706] - Core - System Information screen could expose redis or proxy credentials * Project: Joomla! * SubProject: CMS * Impact: Low * Severity: Low * Versions: 3.0.0-3.9.19 * Exploit type: Information Disclosure * Reported Date: 2020-Jun-17 * Fixed Date: 2020-July-14 * CVE Number: CVE-2020-15698 Description Inadequate filtering in the system information screen could expose redis or proxy credentials Affected Installs Joomla! CMS versions 3.0.0 - 3.9.19 Solution Upgrade to version 3.9.20 Contact The JSST at the Joomla! Security Centre. Reported By: Phil Taylor [20200705] - Core - Escape mod_random_image link * Project: Joomla! * SubProject: CMS * Impact: Low * Severity: Low * Versions: 3.0.0-3.9.19 * Exploit type: XSS * Reported Date: 2020-Jun-08 * Fixed Date: 2020-July-14 * CVE Number: CVE-2020-15696 Description Lack of input filtering and escaping allows XSS attacks in mod_random_image Affected Installs Joomla! CMS versions 3.0.0 - 3.9.19 Solution Upgrade to version 3.9.20 Contact The JSST at the Joomla! Security Centre. Reported By: Phil Taylor [20200704] - Core - Variable tampering via user table class * Project: Joomla! * SubProject: CMS * Impact: Low * Severity: Low * Versions: 3.0.0-3.9.19 * Exploit type: Incorrect Access Control * Reported Date: 2020-Jun-02 * Fixed Date: 2020-July-14 * CVE Number: CVE-2020-15697 Description Internal read-only fields in the User table class could be modified by users. Affected Installs Joomla! CMS versions 3.9.0 - 3.9.19 Solution Upgrade to version 3.9.20 Contact The JSST at the Joomla! Security Centre. Reported By: Phil Taylor [20200703] - Core - CSRF in com_privacy remove-request feature * Project: Joomla! * SubProject: CMS * Impact: Low * Severity: Low * Versions: 3.9.0-3.9.19 * Exploit type: CSRF * Reported Date: 2020-May-07 * Fixed Date: 2020-July-14 * CVE Number: CVE-2020-15695 Description A missing token check in the remove request section of com_privacy causes a CSRF vulnerability. Affected Installs Joomla! CMS versions 3.9.0 - 3.9.19 Solution Upgrade to version 3.9.20 Contact The JSST at the Joomla! Security Centre. Reported By: Bui Duc Anh Khoa from Viettel Cyber Security [20200702] - Core - Missing checks can lead to a broken usergroups table record * Project: Joomla! * SubProject: CMS * Impact: Moderate * Severity: Low * Versions: 2.5.0-3.9.19 * Exploit type: Incorrect Access Control * Reported Date: 2020-April-04 * Fixed Date: 2020-July-14 * CVE Number: CVE-2020-15699 Description Missing validation checks at the usergroups table object can result into an broken site configuration. Affected Installs Joomla! CMS versions 2.5.0 - 3.9.19 Solution Upgrade to version 3.9.20 Contact The JSST at the Joomla! Security Centre. Reported By: Hoang Kien from VSEC [20200701] - Core - CSRF in com_installer ajax_install endpoint * Project: Joomla! * SubProject: CMS * Impact: Low * Severity: Low * Versions: 3.7.0-3.9.19 * Exploit type: CSRF * Reported Date: 2020-May-07 * Fixed Date: 2020-July-14 * CVE Number: CVE-2020-XXXXX Description A missing token check in the ajax_install endpoint com_installer causes a CSRF vulnerability. Affected Installs Joomla! CMS versions 3.7.0 - 3.9.19 Solution Upgrade to version 3.9.20 Contact The JSST at the Joomla! Security Centre. Reported By: Bui Duc Anh Khoa from Viettel Cyber Security [20200605] - Core - CSRF in com_postinstall * Project: Joomla! * SubProject: CMS * Impact: Low * Severity: Low * Versions: 3.7.0-3.9.18 * Exploit type: CSRF * Reported Date: 2020-May-08 * Fixed Date: 2020-June-02 * CVE Number: CVE-2020-13760 Description Missing token checks in com_postinstall cause CSRF vulnerabilities. Affected Installs Joomla! CMS versions 3.7.0 - 3.9.18 Solution Upgrade to version 3.9.19 Contact The JSST at the Joomla! Security Centre. Reported By: Bui Duc Anh Khoa from Viettel Cyber Security - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXw/qWeNLKJtyKPYoAQhjoxAAlUn7/PVW2OT2phKsExLM31jSgvyWz6aP 0FgdjrFoGUYFoLhbVk3mdKcfGb6Rnu6BYpAnpUzPu3wejZFR6UfWwhGglRMCNoPc qvxnFf7isa0btK/tjvEsE1N8vC7LF8WRtMiqCgoQwnOcRvTwUM6AfidrXl2krwaX Khq3R3+V2zHGVxgnhvHfBTgH/8DNsj0vIuz29YoMq1uiXlF8wlyAO06H4kcB8Ebr bkPfojyQcIgLPRysWkGcYJqVXuZgSX2qBc40JtkBloJq7LAHE0Ogrzu9t33CY0oy d1+lxMjEdwo6Dkx5Wb+2oxJqrDr/DYK+fTmOthONFRwBRuohIG/fOevkLn3AS8oF D26QytnxuQlNjMe6qgV3iXfmkyw8rottTgY8312AuyydPKId00HMb/qn1kuK6dhZ 9cYQ9DwYx7dHRQV0XykBrovueF7ZwXUVtYtuS1DW1IMjB6aOWuNHN7l83dOxoEvo K+wo/vbZe4xT+D9uCyopmG/jIAaXQRsjlkTEpraJDCRKgOdihTvURuMQN+ec9Pb7 6Vf1D2xxh2X/N7BLNTgtdWX6afW+icJaOjn3hGTlY/0E2V/Mn0dXkw9UpQZpPmS4 RfqlUJ+WTLkj8ZrQqRfQ3BdzBQj0YGmt2HTWNssC9KInyFsZzDP5FD+O/S59Hf8J b38dIPybtqY= =0wEY -----END PGP SIGNATURE-----