Alert GCSA-20109 - Security update for Joomla!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

******************************************************************

alert ID: GCSA-20109
date: 26 November 2020
title: Security update for Joomla!

******************************************************************

:: Problem description

A new version of the Joomla! CMS has been released
that fixes seven security vulnerabilities;
the update also includes 35 bug fixes and improvements.

[20201101] - Core - com_finder ignores access levels on autosuggest
[20201102] - Core - Disclosure of secrets in Global Configuration page
[20201103] - Core - Path traversal in mod_random_image
[20201104] - Core - SQL injection in com_users list view
[20201105] - Core - User Enumeration in backend login
[20201106] - Core - CSRF in com_privacy emailexport feature
[20201107] - Core - Write ACL violation in multiple core views

Further details are available in the official announcements
listed in the "References" section.


:: Affected software

Joomla! CMS versions prior to 3.9.23


:: Impact

Provide Misleading Information (spoofing)

Cross Site Scripting (XSS)
https://cwe.mitre.org/data/definitions/79.html

Cross-site Request Forgery (CSRF)
https://cwe.mitre.org/data/definitions/352.html

Access Confidential Data
https://cwe.mitre.org/data/definitions/200.html

Unauthorised Access
https://cwe.mitre.org/data/definitions/284.html

Reduced Security


:: Solutions

Update Joomla!
https://downloads.joomla.org/
https://downloads.joomla.org/cms/joomla3/3-9-23
https://downloads.joomla.org/latest

Joomla! update instructions
https://docs.joomla.org/J3.x:Updating_from_an_existing_version/it
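Added example (not part of the GARR CERT alert or of the Joomla! project): a small check that reads the installed release from a Joomla! 3.x install and reports whether it falls below the fixed version 3.9.23 named above. It assumes the 3.x layout of libraries/src/Version.php, where the release is declared as `const RELEASE = '3.9';` and `const DEV_LEVEL = '22';`; the sample file content below is constructed.

```python
import re

# Fixed release named in this alert (GCSA-20109 / Joomla! 3.9.23)
FIXED_VERSION = "3.9.23"


def parse_version(text):
    """Turn a version string such as '3.9.22' into a tuple of ints.

    Any suffix after the third number (e.g. '-rc1') is ignored.
    """
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(installed, fixed=FIXED_VERSION):
    """True when a Joomla! 3.x install is older than the fixed release.

    The alert covers the 3.x line only, so a different major version
    is reported as not in scope (False) rather than as affected.
    """
    inst = parse_version(installed)
    fix = parse_version(fixed)
    return inst[0] == fix[0] and inst < fix


def version_from_version_php(source):
    """Extract 'RELEASE.DEV_LEVEL' from the text of libraries/src/Version.php.

    Assumption: the file carries `const RELEASE = '3.9';` and
    `const DEV_LEVEL = '22';` as Joomla! 3.x does; any other layout
    raises ValueError instead of guessing.
    """
    release = re.search(r"const\s+RELEASE\s*=\s*'([\d.]+)'", source)
    dev = re.search(r"const\s+DEV_LEVEL\s*=\s*'(\d+)'", source)
    if not release or not dev:
        raise ValueError("RELEASE / DEV_LEVEL constants not found in Version.php")
    return f"{release.group(1)}.{dev.group(1)}"


# Constructed sample: the relevant fragment of Version.php on an unpatched site
SAMPLE_VERSION_PHP = """<?php
class Version
{
    const RELEASE = '3.9';
    const DEV_LEVEL = '22';
}
"""


def check_install(source):
    """Return (version string, affected?) for the given Version.php content."""
    version = version_from_version_php(source)
    return version, is_affected(version)


if __name__ == "__main__":
    import sys

    # Pass the path to libraries/src/Version.php; without one, the sample is used.
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_VERSION_PHP
    version, affected = check_install(src)
    state = "UPDATE REQUIRED (older than 3.9.23)" if affected else "not affected by GCSA-20109"
    print(f"Joomla! {version}: {state}")
```

Run it as `python check_joomla.py /var/www/site/libraries/src/Version.php` (the script name and path are placeholders). Installs that report a version below 3.9.23 should be updated using the links above; a later 3.x release (for example 3.10.x) compares as newer and is reported as not affected.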


:: References

Joomla! Release News
https://www.joomla.org/announcements/release-news/5828-joomla-3-9-23.html

Joomla! security update available
https://www.joomla.it/notizie/rilasci-joomla/9070-disponibile-aggiornamento-sicurezza-joomla-3-9-23.html

Joomla! Security Announcements
https://developer.joomla.org/security-centre/828-20201101-core-com-finder-ignores-access-levels-on-autosuggest.html
https://developer.joomla.org/security-centre/829-20201102-core-disclosure-of-secrets-in-global-configuration-page.html
https://developer.joomla.org/security-centre/830-20201103-core-path-traversal-in-mod-random-image.html
https://developer.joomla.org/security-centre/831-20201104-core-sql-injection-in-com-users-list-view.html
https://developer.joomla.org/security-centre/832-20201105-core-user-enumeration-in-backend-login.html
https://developer.joomla.org/security-centre/833-20201106-core-csrf-in-com-privacy-emailexport-feature.html
https://developer.joomla.org/security-centre/834-20201107-core-write-acl-violation-in-multiple-core-views.html


GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iD8DBQFfv9CnwZxMk2USYEIRAoT2AKCDl/0lHajSIBxqFP2QfTdEM0pgPgCfXnoV
LrNjBUIMrKNrT1xV946OWKU=
=0rZ6
-----END PGP SIGNATURE-----