• Project: Joomla!
• SubProject: CMS

Description

Joomla! 3.6.5 includes additional security hardening mechanisms prepared by the JSST, thanks in part to issue reports from Fotis Evangelou and Nicholas Dionysopoulos, which restricts a user's ability to make potentially damaging configuration changes. This includes restricting the ability to set the "New User Registration Group" and "Guest User Group" to a group with Super User permissions and restricting the ability for a lesser privileged user to make user group assignment changes to users in a Super User group.

Additionally, we have modified the behavior of JUser::authorise() to only return a boolean value. Previously, this method could return either a boolean value or null because the underlying call to JAccess::check() can also return a null value; neither JUser::authorise() or JAccess::check() documented this though. We have determined that based on how the API is used that JUser::authorise() should only return a boolean value. If a developer requires the previous behavior of a null return value (which indicates an "implicit" denied state versus "explicit" signified by boolean false), they should use JAccess::check() instead. The documentation for JAccess::check() has been updated to indicate the null return value as well.

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Severity: Low
• Versions: 3.0.0 through 3.6.4
• Exploit type: Information Disclosure
• Reported Date: 2016-April-15
• Fixed Date: 2016-December-06
• CVE Number: CVE-2016-9837

Description

Inadequate ACL checks in the Beez3 com_content article layout override enables a user to view restricted content.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.6.4

Solution

Upgrade to version 3.6.5

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Severity: Low
• Versions: 3.0.0 through 3.6.4
• Exploit type: Shell Upload
• Reported Date: 2016-October-26
• Fixed Date: 2016-December-06
• CVE Number: CVE-2016-9836

Description

Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.6.4

Solution

Upgrade to version 3.6.5

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Severity: High
• Versions: 1.6.0 through 3.6.4
• Exploit type: Elevated Privileges
• Reported Date: 2016-November-04
• Fixed Date: 2016-December-06
• CVE Number: CVE-2016-9838

Description

Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.4

Solution

Upgrade to version 3.6.5

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Severity: High
• Versions: 3.4.4 through 3.6.3
• Exploit type: Account Modifications
• Reported Date: 2016-October-26
• Fixed Date: 2016-October-25
• CVE Number: CVE-2016-9081

Description

Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.

Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3

Solution

Upgrade to version 3.6.4

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Severity: High
• Versions: 3.4.4 through 3.6.3
• Exploit type: Elevated Privileges
• Reported Date: 2016-October-21
• Fixed Date: 2016-October-25
• CVE Number: CVE-2016-8869

Description

Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.

Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3

Solution

Upgrade to version 3.6.4

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Severity: High
• Versions: 3.4.4 through 3.6.3
• Exploit type: Account Creation
• Reported Date: 2016-October-18
• Fixed Date: 2016-October-25
• CVE Number: CVE-2016-8870

Description

Inadequate checks allows for users to register on a site when registration has been disabled.

Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3

Solution

Upgrade to version 3.6.4

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Severity: Low
• Versions: 1.6.0 through 3.6.0
• Exploit type: XSS Vulnerability
• Reported Date: 2016-February-05
• Fixed Date: 2016-August-03
• CVE Number: Requested

Description

Inadequate escaping leads to XSS vulnerability in mail component.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.0

Solution

Upgrade to version 3.6.1

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Severity: Low
• Versions: 1.6.0 through 3.6.0
• Exploit type: ACL Violation
• Reported Date: 2016-April-29
• Fixed Date: 2016-August-03
• CVE Numbers: requested

Description

Inadequate ACL checks in com_content provide potential read access to data which should be access restricted to users with edit_own level.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.0

Solution

Upgrade to version 3.6.1

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Severity: Medium
• Versions: 3.6.0
• Exploit type: CSRF
• Reported Date: 2016-July-19
• Fixed Date: 2016-August-03
• CVE Numbers: requested

Description

Add additional CSRF hardening in com_joomlaupdate.

Affected Installs

Joomla! CMS version 3.6.0

Solution

Upgrade to version 3.6.1

Contact

The JSST at the Joomla! Security Centre.