==================================================================== CERT-Renater Note d'Information No. 2019/VULN083 _____________________________________________________________________ DATE : 09/04/2019 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Joomla versions prior to 3.9.5. ===================================================================== https://developer.joomla.org/security-centre/778-20190402-core-helpsites-refresh-endpoint-callable-for-unauthenticated-users.html https://developer.joomla.org/security-centre/779-20190403-core-object-prototype-pollution-in-jquery-extend.html https://developer.joomla.org/security-centre/777-20190401-core-directory-traversal-in-com-media.html _____________________________________________________________________ [20190402] - Core - Helpsites refresh endpoint callable for unauthenticated users Project: Joomla! SubProject: CMS Impact: Low Severity: High Versions: 3.2.0 through 3.9.4 Exploit type: ACL Violation Reported Date: 2019-March-13 Fixed Date: 2019-April-08 CVE Number: CVE-2019-10946 Description The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users. Affected Installs Joomla! CMS versions 3.2.0 through 3.9.4 Solution Upgrade to version 3.9.5 Contact The JSST at the Joomla! Security Centre. Reported By: Benjamin Trenkle (JSST) _____________________________________________________________________ [20190403] - Core - Object.prototype pollution in JQuery $.extend Project: Joomla! SubProject: CMS Impact: Low Severity: Moderate Versions: 3.0.0 through 3.9.4 Exploit type: XSS Reported Date: 2019-March-25 Fixed Date: 2019-April-09 CVE Number: TBA Description The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks. Affected Installs Joomla! CMS versions 3.0.0 through 3.9.4 Solution Upgrade to version 3.9.5 Contact The JSST at the Joomla! Security Centre. Reported By: Michał Gołębiowski-Owczarek, David Jardin (JSST) _____________________________________________________________________ [20190401] - Core - Directory Traversal in com_media Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 1.5.0 through 3.9.4 Exploit type: Directory Traversal Reported Date: 2019-March-13 Fixed Date: 2019-April-08 CVE Number: CVE-2019-10945 Description The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory. Affected Installs Joomla! CMS versions 1.5.0 through 3.9.4 Solution Upgrade to version 3.9.5 Contact The JSST at the Joomla! Security Centre. Reported By: Haboob Research Team ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================