===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2433
                     Joomla! CMS July security updates
                               16 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Joomla! Core
Publisher:         Joomla project
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Cross-site Scripting       -- Remote with User Interaction
                   Cross-site Request Forgery -- Existing Account            
                   Denial of Service          -- Unknown/Unspecified         
                   Access Confidential Data   -- Existing Account            
                   Unauthorised Access        -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15699 CVE-2020-15698 CVE-2020-15697
                   CVE-2020-15696 CVE-2020-15695 CVE-2020-13760

Original Bulletin: 
   https://developer.joomla.org/security-centre/

--------------------------BEGIN INCLUDED TEXT--------------------

[20200706] - Core - System Information screen could expose redis or proxy
credentials

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Low
  * Severity: Low
  * Versions: 3.0.0-3.9.19
  * Exploit type: Information Disclosure
  * Reported Date: 2020-Jun-17
  * Fixed Date: 2020-July-14
  * CVE Number: CVE-2020-15698

Description

Inadequate filtering in the system information screen could expose redis or
proxy credentials.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.19

Solution

Upgrade to version 3.9.20

Contact

The JSST at the Joomla! Security Centre.

Reported By: Phil Taylor

[20200705] - Core - Escape mod_random_image link

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Low
  * Severity: Low
  * Versions: 3.0.0-3.9.19
  * Exploit type: XSS
  * Reported Date: 2020-Jun-08
  * Fixed Date: 2020-July-14
  * CVE Number: CVE-2020-15696

Description

Lack of input filtering and escaping allows XSS attacks in mod_random_image

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.19

Solution

Upgrade to version 3.9.20

Contact

The JSST at the Joomla! Security Centre.

Reported By: Phil Taylor

[20200704] - Core - Variable tampering via user table class

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Low
  * Severity: Low
  * Versions: 3.0.0-3.9.19
  * Exploit type: Incorrect Access Control
  * Reported Date: 2020-Jun-02
  * Fixed Date: 2020-July-14
  * CVE Number: CVE-2020-15697

Description

Internal read-only fields in the User table class could be modified by users.

Affected Installs

Joomla! CMS versions 3.9.0 - 3.9.19

Solution

Upgrade to version 3.9.20

Contact

The JSST at the Joomla! Security Centre.

Reported By: Phil Taylor

[20200703] - Core - CSRF in com_privacy remove-request feature

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Low
  * Severity: Low
  * Versions: 3.9.0-3.9.19
  * Exploit type: CSRF
  * Reported Date: 2020-May-07
  * Fixed Date: 2020-July-14
  * CVE Number: CVE-2020-15695

Description

A missing token check in the remove request section of com_privacy causes a
CSRF vulnerability.

Affected Installs

Joomla! CMS versions 3.9.0 - 3.9.19

Solution

Upgrade to version 3.9.20

Contact

The JSST at the Joomla! Security Centre.

Reported By: Bui Duc Anh Khoa from Viettel Cyber Security

[20200702] - Core - Missing checks can lead to a broken usergroups table record

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Moderate
  * Severity: Low
  * Versions: 2.5.0-3.9.19
  * Exploit type: Incorrect Access Control
  * Reported Date: 2020-April-04
  * Fixed Date: 2020-July-14
  * CVE Number: CVE-2020-15699

Description

Missing validation checks at the usergroups table object can result in a
broken site configuration.

Affected Installs

Joomla! CMS versions 2.5.0 - 3.9.19

Solution

Upgrade to version 3.9.20

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hoang Kien from VSEC

[20200701] - Core - CSRF in com_installer ajax_install endpoint

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Low
  * Severity: Low
  * Versions: 3.7.0-3.9.19
  * Exploit type: CSRF
  * Reported Date: 2020-May-07
  * Fixed Date: 2020-July-14
  * CVE Number: CVE-2020-XXXXX

Description

A missing token check in the ajax_install endpoint of com_installer causes a
CSRF vulnerability.

Affected Installs

Joomla! CMS versions 3.7.0 - 3.9.19

Solution

Upgrade to version 3.9.20

Contact

The JSST at the Joomla! Security Centre.

Reported By: Bui Duc Anh Khoa from Viettel Cyber Security

[20200605] - Core - CSRF in com_postinstall

  * Project: Joomla!
  * SubProject: CMS
  * Impact: Low
  * Severity: Low
  * Versions: 3.7.0-3.9.18
  * Exploit type: CSRF
  * Reported Date: 2020-May-08
  * Fixed Date: 2020-June-02
  * CVE Number: CVE-2020-13760

Description

Missing token checks in com_postinstall cause CSRF vulnerabilities.

Affected Installs

Joomla! CMS versions 3.7.0 - 3.9.18

Solution

Upgrade to version 3.9.19

Contact

The JSST at the Joomla! Security Centre.

Reported By: Bui Duc Anh Khoa from Viettel Cyber Security
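The three CSRF entries above (com_privacy remove-request, com_installer ajax_install, com_postinstall) all come down to a state-changing task that never verified the session token. The following is an added example, not Joomla project code or the advisory's own text: it contrasts the unguarded shape with the guarded one using the real Joomla 3.x calls BaseController::checkToken() and Session::checkToken(); the controller, model and component names are hypothetical.

```php
<?php
// Added example (not Joomla core code). ExampleController, the 'Request'
// model and com_example are hypothetical; checkToken() and
// Session::checkToken() are real Joomla 3.x APIs.
defined('_JEXEC') or die;

use Joomla\CMS\Factory;
use Joomla\CMS\MVC\Controller\BaseController;
use Joomla\CMS\Session\Session;

class ExampleController extends BaseController
{
    // Unguarded shape (the bug class in the advisories above): the task
    // trusts any request that carries a valid session cookie, so a request
    // forged from another site is honoured like a legitimate one.
    public function removeUnchecked()
    {
        $id = $this->input->getInt('id');
        $this->getModel('Request')->remove($id);
        $this->setRedirect('index.php?option=com_example', 'Removed');
    }

    // Guarded shape: checkToken() (BaseController, 3.7+) requires the
    // per-session form token in the POST data and aborts with an
    // "invalid token" redirect when it is missing or wrong. The form that
    // posts here must emit the hidden field via HTMLHelper::_('form.token').
    public function remove()
    {
        $this->checkToken();

        $id = $this->input->getInt('id');
        $this->getModel('Request')->remove($id);
        $this->setRedirect('index.php?option=com_example', 'Removed');
    }

    // AJAX/GET-style endpoints need the same guard; with 'get' the token
    // is read from the query string instead of the POST body.
    public function ajaxInstall()
    {
        Session::checkToken('get') or jexit(json_encode(['error' => 'Invalid token']));

        // ... perform the privileged action here ...
        echo json_encode(['ok' => true]);
        Factory::getApplication()->close();
    }
}
```

When auditing a component, every task that writes (remove, publish, install, save) should be traceable to one of these checks; a task that reaches the model without one is the pattern each of the three fixes closed.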

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================