[20200702] - Core - Missing checks can lead to a broken usergroups table record

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0-3.9.19
Exploit type: Incorrect Access Control
Reported Date: 2020-April-04
Fixed Date: 2020-July-14
CVE Number: CVE-2020-15699

Description

Missing validation checks at the usergroups table object can result into an broken site configuration.

Affected Installs

Joomla! CMS versions 2.5.0 - 3.9.19

Solution

Upgrade to version 3.9.20

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hoang Kien from VSEC