[20201107] – Core – Write ACL violation in multiple core views

  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions:1.7.0 - 3.9.22
  • Exploit type: ACL Violation
  • Reported Date: 2018-11-04
  • Fixed Date: 2020-11-24
  • CVE Number: CVE-2020-xxx (TBA)

Description

Lack of input validation while handling ACL rulesets can cause write ACL violations.

Affected Installs

Joomla! CMS versions 1.7.0 - 3.9.22

Solution

Upgrade to version 3.9.23

Contact

The JSST at the Joomla! Security Centre.

Reported By:  Elisa Foltyn, Benjamin Trenkle

Leave a Comment