[20171103] - Core - Information Disclosure

  • Project: Joomla!
  • SubProject: CMS
  • Severity:Low
  • Versions: 3.7.0 through 3.8.1
  • Exploit type: Information Disclosure
  • Reported Date: 2017-May-17
  • Fixed Date: 2017-November-07
  • CVE Number:CVE-2017-16633

Description

A logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.1

Solution

Upgrade to version 3.8.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Internal JSST audit

Read more http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/ZBmazG0EZeU/715-20171103-core-information-disclosure.html

Tags: