[20190402] - Core - Helpsites refresh endpoint callable for unauthenticated users
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: High
- Versions: 3.2.0 through 3.9.4
- Exploit type: ACL Violation
- Reported Date: 2019-March-13
- Fixed Date: 2019-April-08
- CVE Number: CVE-2019-10946

Description
The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.

Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.4

Solution
Upgrade to version 3.9.5

Contact
The JSST at the Joomla! Security Centre.

Reported By: Benjamin Trenkle (JSST)