[20200402] - Core - Missing checks for the root usergroup in usergroup table

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0 - 3.9.16
Exploit type: Incorrect Access Control
Reported Date: 2020-February-27
Fixed Date: 2020-April-21
CVE Number: CVE-2020-11890

Description

Inproper input validations in the usergroup table class could lead to a broken ACL configuration.

Affected Installs

Joomla! CMS versions 2.5.0 - 3.9.16

Solution

Upgrade to version 3.9.17

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hoang Kien from VSEC