SecurityTracker.com
Category:   Application (Forum/Board/Portal)  >   Joomla!
Vendors:   joomla.org
Joomla! Multiple Flaws Let Remote Authenticated Users Modify ACLs and Execute Arbitrary Code, Remote Users Obtain Potentially Sensitive Information and Conduct Cross-Site Scripting Attacks, and Local Users Obtain Passwords
SecurityTracker Alert ID:  1040966
SecurityTracker URL:  http://securitytracker.com/id/1040966
CVE Reference:   CVE-2018-11321, CVE-2018-11322, CVE-2018-11323, CVE-2018-11324, CVE-2018-11325, CVE-2018-11326, CVE-2018-11327, CVE-2018-11328, CVE-2018-6378
Date:  May 23 2018
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.5.0 - 3.8.7
Description:   Multiple vulnerabilities were reported in Joomla!. A remote authenticated user can modify data on the target system. A remote authenticated user can execute arbitrary code on the target system. A remote user can obtain potentially sensitive information on the target system. A remote user can conduct cross-site scripting attacks. A local user can view the administrator password in certain cases.

The media manager does not properly filter HTML code from user-supplied input in file and folder names before displaying the input [CVE-2018-6378]. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Joomla! software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The software does not properly filter HTML code from user-supplied input in redirect URIs containing a username and password before displaying the input [CVE-2018-11328]. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Joomla! software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. Versions 3.1.2 and after are affected.

The software does not properly filter HTML code from user-supplied input in various fields before displaying the input [CVE-2018-11326]. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Joomla! software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. Versions 3.0.0 and after are affected.

The system may recreate a session that was to be destroyed due to a race condition [CVE-2018-11324]. The impact was not specified. Versions 3.0.0 and after are affected.

A remote authenticated user who has privileges to create custom fields can modify the filtering options in com_fields to inject an unvalidated option and execute arbitrary code on the target system [CVE-2018-11321]. Versions 3.7.0 and after are affected.

[Editor's note: The vendor has assigned CVE-2018-11321 a Severity of "Low" and an Impact of "Moderate".]

A local user can view the plain text password for the administrator account when the web install application autofills password fields after a form validation error or after the user navigates to a previous install step [CVE-2018-11325]. Versions 3.0.0 and after are affected.

A remote user can view potentially sensitive names of tags that are unpublished or published with restricted view permissions [CVE-2018-11327]. Versions 3.1.0 and after are affected.

A remote authenticated user can upload PHAR files, which may be processed as executable PHP scripts by the web server on some systems [CVE-2018-11322]. Versions 2.5.0 and after are affected.
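
One way to audit an existing upload directory for file names that a filter blocking PHAR uploads would reject. This is an added example, not Joomla! code and not part of the original advisory; the blocklist contents, function names and sample file tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed, illustrative blocklist; it is not Joomla!'s actual list.
BLOCKED_EXTENSIONS = {"php", "php5", "phtml", "phar"}


def blocked_segments(filename, blocklist=BLOCKED_EXTENSIONS):
    """Return every blocked extension found in any dot-separated segment.

    Checking only the final extension misses names such as 'x.phar.jpg',
    which some web server handler configurations still treat as script.
    """
    name = os.path.basename(filename).strip().rstrip(". ").lower()
    segments = name.split(".")[1:]  # everything after the base name
    return [seg for seg in segments if seg.strip() in blocklist]


def audit_upload_dir(root, blocklist=BLOCKED_EXTENSIONS):
    """Walk an upload directory and list files a patched filter would reject."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            hits = blocked_segments(fname, blocklist)
            if hits:
                rel = os.path.relpath(os.path.join(dirpath, fname), root)
                findings.append((rel.replace(os.sep, "/"), hits))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images", "banners"))
        for rel in ("images/logo.png", "images/archive.PHAR",
                    "images/banners/photo.phar.jpg", "notes.txt"):
            with open(os.path.join(root, *rel.split("/")), "w") as fh:
                fh.write("constructed sample\n")
        return audit_upload_dir(root)


if __name__ == "__main__":
    for path, hits in demo():
        print(f"{path}: blocked extension(s) {hits}")
```

Files flagged on a site that ran an affected version are worth reviewing after upgrading, since the fix only prevents new uploads.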

A remote authenticated user can modify the access levels of user groups that have higher permissions [CVE-2018-11323]. Versions 2.5.0 and after are affected.

Matias Aguirre (JSST), Demis Palma (JSST), Phil Taylor (JSST), David Jardin (JSST), Benjamin Trenkle (JSST), Kai Zhao of 3H Security Team & Zhouyuan Yang (FortiGuard Labs), and Sascha Egerer reported these vulnerabilities.

Impact:   A remote authenticated user can modify access control lists (ACLs) on the target system.

A local user can view the administrator password in certain cases.

A remote authenticated user can execute arbitrary code on the target system.

A remote user can obtain potentially sensitive information on the target system.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Joomla! software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:   The vendor has issued a fix (3.8.8).

The vendor advisories are available at:

https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html
https://developer.joomla.org/security-centre/736-20180508-core-possible-xss-attack-in-the-redirect-method.html
https://developer.joomla.org/security-centre/735-20180507-core-session-deletion-race-condition.html
https://developer.joomla.org/security-centre/734-20180506-core-filter-field-in-com-fields-allows-remote-code-execution.html
https://developer.joomla.org/security-centre/733-20180505-core-xss-vulnerabilities-additional-hardening.html
https://developer.joomla.org/security-centre/732-20180504-core-installer-leaks-plain-text-password-to-local-user.html
https://developer.joomla.org/security-centre/731-20180503-core-information-disclosure-about-unpublished-tags.html
https://developer.joomla.org/security-centre/730-20180502-core-add-phar-files-to-the-upload-blacklist.html
https://developer.joomla.org/security-centre/729-20180501-core-acl-violation-in-access-levels.html

Vendor URL:  developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.



Copyright 2018, SecurityGlobal.net LLC