CVE-2018-17855

Опубликовано: 09 окт. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself.

Ссылки

http://www.securityfocus.com/bid/105559
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041914
Third Party Advisory
VDB Entry
https://developer.joomla.org/security-centre/754-20181004-core-acl-violation-in-com-users-for-the-admin-verification
Vendor Advisory
http://www.securityfocus.com/bid/105559
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041914
Third Party Advisory
VDB Entry
https://developer.joomla.org/security-centre/754-20181004-core-acl-violation-in-com-users-for-the-admin-verification
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Версия от 1.5.0 (включая) до 3.8.13 (исключая)

EPSS

Процентиль: 47%

0.00242

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-7gxw-9g78-6pr9