- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Moderate
- Versions: 3.1.0 through 3.8.7
- Exploit type: Information Disclosure
- Reported Date: 2018-April-27
- Fixed Date: 2018-May-22
- CVE Number: CVE-2018-XXXX
Description
Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission .
Affected Installs
Joomla! CMS versions 3.1.0 through 3.8.7
Solution
Upgrade to version 3.8.8
Contact
The JSST at the Joomla! Security Centre.
Reported By: Phil Taylor, JSST