===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1961
                  Security Announcements in Joomla! core
                                4 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Joomla! Core
Publisher:         Joomla!
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Cross-site Request Forgery -- Remote with User Interaction
                   Cross-site Scripting       -- Remote with User Interaction
                   Reduced Security           -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13763 CVE-2020-13762 CVE-2020-13761
                   CVE-2020-13760 CVE-2020-11023 CVE-2020-11022
Reference:         ESB-2020.1804

Original Bulletin:
   https://developer.joomla.org/security-centre/817-20200605-core-csrf-in-com-postinstall.html
   https://developer.joomla.org/security-centre/816-20200604-core-xss-in-jquery-htmlprefilter.html
   https://developer.joomla.org/security-centre/815-20200603-core-xss-in-com-modules-tag-options.html
   https://developer.joomla.org/security-centre/814-20200602-core-inconsistent-default-textfilter-settings.html
   https://developer.joomla.org/security-centre/813-20200601-core-xss-in-modules-heading-tag-option.html

Comment: This bulletin contains five (5) Joomla! security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

[20200605] - Core - CSRF in com_postinstall

Project:       Joomla!
SubProject:    CMS
Impact:        Low
Severity:      Low
Versions:      3.7.0-3.9.18
Exploit type:  XSS
Reported Date: 2020-May-08
Fixed Date:    2020-June-02
CVE Number:    CVE-2020-13760

Description
Missing token checks in com_postinstall cause CSRF vulnerabilities.

Affected Installs
Joomla! CMS versions 3.7.0 - 3.9.18

Solution
Upgrade to version 3.9.19

Contact
The JSST at the Joomla! Security Centre.

Reported By: Khoa Bui Duc Anh

--------------------------------------------------------------------------------

[20200604] - Core - XSS in jQuery.htmlPrefilter

Project:       Joomla!
SubProject:    CMS
Impact:        Low
Severity:      Moderate
Versions:      3.0.0-3.9.18
Exploit type:  XSS
Reported Date: 2020-April-10
Fixed Date:    2020-June-02
CVE Number:    CVE-2020-11022 and CVE-2020-11023

Description
The jQuery project released version 3.5.0, and as part of that, disclosed two
security vulnerabilities that affect all prior versions. As mentioned in the
jQuery blog, both are "[...] security issues in jQuery's DOM manipulation
methods, as in .html(), .append(), and the others." The Drupal project has
backported the relevant fixes back to jQuery 1.x and Joomla has adopted that
patch.

Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.18

Solution
Upgrade to version 3.9.19

Contact
The JSST at the Joomla! Security Centre.

Reported By: David Jardin, JSST

--------------------------------------------------------------------------------

[20200603] - Core - XSS in com_modules tag options

Project:       Joomla!
SubProject:    CMS
Impact:        Moderate
Severity:      Low
Versions:      3.0.0-3.9.18
Exploit type:  XSS
Reported Date: 2020-May-06
Fixed Date:    2020-June-02
CVE Number:    CVE-2020-13762

Description
Incorrect input validation of the module tag option in com_modules allows XSS
attacks.

Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.18

Solution
Upgrade to version 3.9.19

Contact
The JSST at the Joomla! Security Centre.

Reported By: Khoa Bui Duc Anh

--------------------------------------------------------------------------------

[20200602] - Core - Inconsistent default textfilter settings

Project:       Joomla!
SubProject:    CMS
Impact:        Low
Severity:      Low
Versions:      2.5.0-3.9.18
Exploit type:  Insecure Permissions
Reported Date: 2020-April-23
Fixed Date:    2020-June-02
CVE Number:    CVE-2020-13763

Description
The default settings of the global "textfilter" configuration do not block HTML
inputs for 'Guest' users. With 3.9.19, the textfilter for new installations has
been set to 'No HTML' for the groups 'Public', 'Guest' and 'Registered'.

Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.18

Solution
Upgrade to version 3.9.19

Contact
The JSST at the Joomla! Security Centre.

Reported By: Brian Teeman

--------------------------------------------------------------------------------

[20200601] - Core - XSS in modules heading tag option

Project:       Joomla!
SubProject:    CMS
Impact:        Moderate
Severity:      Low
Versions:      3.0.0-3.9.18
Exploit type:  XSS
Reported Date: 2020-May-06
Fixed Date:    2020-June-02
CVE Number:    CVE-2020-13761

Description
Lack of input validation in the heading tag option of the "Articles -
Newsflash" and "Articles - Categories" modules allows XSS attacks.

Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.18

Solution
Upgrade to version 3.9.19

Contact
The JSST at the Joomla! Security Centre.

Reported By: Khoa Bui Duc Anh

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is maintained
within your organisation, so if you do not wish to continue receiving these
bulletins you should contact your local IT manager. If you do not know who
that is, please send an email to auscert@auscert.org.au and we will forward
your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
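The five advisories above share one fixed version (3.9.19) but three different lower bounds (2.5.0, 3.0.0 and 3.7.0), so a quick triage question is "which of these apply to the Joomla! build we actually run?". The following is an added helper, not part of the AusCERT or Joomla! bulletin, that encodes the ranges exactly as the bulletin states them and compares versions numerically (a plain string comparison would wrongly rank 3.10.x below 3.9.18). Advisory identifiers, CVE numbers and ranges come from the bulletin; the function names are the author's own.

```python
"""Triage helper: which advisories in ESB-2020.1961 affect an installed Joomla! version."""
from typing import List, Tuple

# (advisory id, CVE, title, first affected, last affected) as stated in the bulletin.
ADVISORIES = [
    ("20200605", "CVE-2020-13760", "CSRF in com_postinstall", "3.7.0", "3.9.18"),
    ("20200604", "CVE-2020-11022/CVE-2020-11023", "XSS in jQuery.htmlPrefilter", "3.0.0", "3.9.18"),
    ("20200603", "CVE-2020-13762", "XSS in com_modules tag options", "3.0.0", "3.9.18"),
    ("20200602", "CVE-2020-13763", "Inconsistent default textfilter settings", "2.5.0", "3.9.18"),
    ("20200601", "CVE-2020-13761", "XSS in modules heading tag option", "3.0.0", "3.9.18"),
]
FIXED_VERSION = "3.9.19"  # the single upgrade target named in every advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.9.18' into (3, 9, 18) so comparison is numeric, component by component."""
    return tuple(int(part) for part in version.strip().split("."))


def applicable_advisories(installed: str) -> List[str]:
    """Return the CVE identifiers whose affected range (inclusive) contains `installed`.

    Order follows the bulletin, so a caller can map results back to the text above.
    """
    version = parse_version(installed)
    hits = []
    for _advisory_id, cve, _title, first, last in ADVISORIES:
        if parse_version(first) <= version <= parse_version(last):
            hits.append(cve)
    return hits


def needs_upgrade(installed: str) -> bool:
    """True when at least one of the five advisories applies to the installed build."""
    return bool(applicable_advisories(installed))


if __name__ == "__main__":
    # Constructed sample inputs: an unpatched 3.9.x site, an old 3.6 site and a patched site.
    for candidate in ("3.9.18", "3.6.5", "2.5.28", "3.9.19"):
        print(candidate, "->", applicable_advisories(candidate) or "not affected")
```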
NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================