Synology-SA-17:55 Joomla

Publish Time: 2017-09-22 17:09:54 UTC+8

Last Updated: 2017-10-06 17:19:09 UTC+8

Severity
Moderate
Status
Resolved

Abstract

CVE-2017-14596 allows remote attackers to retrieve sensitive information via a vulnerable version of Joomla.

Affected

  • Products
    • Joomla before 3.8.0-0160
  • Models
    • All Synology models

Description

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
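
The class of flaw described above, shown as an added example rather than code from Joomla or Synology. It assumes the unescaped value is a login name placed into an LDAP search filter; the filter template, function names and sample inputs are constructed for illustration.

```python
# Added illustration: RFC 4515 escaping for a value placed in an LDAP search
# filter. FILTER_TEMPLATE and the sample inputs are constructed, not Joomla's.
import re

# Characters RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

FILTER_TEMPLATE = "(&(objectClass=person)(uid={user}))"  # hypothetical filter


def escape_filter_value(value: str) -> str:
    """Replace every filter metacharacter in value with its \\XX hex form."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unescaped(user: str) -> str:
    """Weak pattern: the login name is pasted into the filter as-is."""
    return FILTER_TEMPLATE.format(user=user)


def build_filter_escaped(user: str) -> str:
    """Hardened pattern: the login name is escaped before substitution."""
    return FILTER_TEMPLATE.format(user=escape_filter_value(user))


def live_metachars(ldap_filter: str) -> int:
    """Count filter-syntax characters that are still active (not \\XX-escaped)."""
    return len(re.findall(r"[*()]", ldap_filter))


# Active syntax contributed by the template alone (its own parentheses).
BASELINE = live_metachars(build_filter_escaped("alice"))


def input_changed_structure(ldap_filter: str) -> bool:
    """True when the built filter carries more active syntax than the template."""
    return live_metachars(ldap_filter) != BASELINE


if __name__ == "__main__":
    for user in ["alice", "a*", "smith (contractor)"]:  # constructed inputs
        weak, safe = build_filter_unescaped(user), build_filter_escaped(user)
        print(f"{user!r}")
        print(f"  unescaped: {weak}  changed={input_changed_structure(weak)}")
        print(f"  escaped:   {safe}  changed={input_changed_structure(safe)}")
```

With escaping applied, every input leaves the filter with the same active syntax as the template, so the directory only ever evaluates the query the application intended.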

Mitigation

None

Update Availability

To fix the security issue, please go to DSM > Package Center and update Joomla to 3.8.0-0160 or above.
