Vulnerabilities > CVE-2018-17857 - Incorrect Authorization vulnerability in Joomla Joomla!

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

joomla

CWE-863

nessus

NVD

Published: 2018-10-09

Updated: 2019-10-03

Summary

An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.

Vulnerable Configurations

Part	Description	Count
Application	Joomla Joomla Joomla! 3.1.0 Joomla Joomla! 3.1.1 Joomla Joomla! 3.1.2 Joomla Joomla! 3.1.3 Joomla Joomla! 3.1.4 Joomla Joomla! 3.1.5 Joomla Joomla! 3.1.6 Joomla Joomla! 3.2.0 Joomla Joomla! 3.2.1 Joomla Joomla! 3.2.2 Joomla Joomla! 3.2.3 Joomla Joomla! 3.2.4 Joomla Joomla! 3.2.5 Joomla Joomla! 3.2.6 Joomla Joomla! 3.2.7 Joomla Joomla! 3.3.0 Joomla Joomla! 3.3.1 Joomla Joomla! 3.3.2 Joomla Joomla! 3.3.3 Joomla Joomla! 3.3.4 Joomla Joomla! 3.3.5 Joomla Joomla! 3.3.6 Joomla Joomla! 3.4.0 Joomla Joomla! 3.4.1 Joomla Joomla! 3.4.2 Joomla Joomla! 3.4.3 Joomla Joomla! 3.4.4 Joomla Joomla! 3.4.5 Joomla Joomla! 3.4.6 Joomla Joomla! 3.4.7 Joomla Joomla! 3.4.8 Joomla Joomla! 3.5.0 Joomla Joomla! 3.5.1 Joomla Joomla! 3.6.0 Joomla Joomla! 3.6.1 Joomla Joomla! 3.6.2 Joomla Joomla! 3.6.3 Joomla Joomla! 3.6.4 Joomla Joomla! 3.6.5 Joomla Joomla! 3.7.0 Joomla Joomla! 3.7.1 Joomla Joomla! 3.7.2 Joomla Joomla! 3.7.3 Joomla Joomla! 3.7.4 Joomla Joomla! 3.7.5 Joomla Joomla! 3.8.0 Joomla Joomla! 3.8.1 Joomla Joomla! 3.8.2 Joomla Joomla! 3.8.3 Joomla Joomla! 3.8.4 Joomla Joomla! 3.8.5 Joomla Joomla! 3.8.6 Joomla Joomla! 3.8.7 Joomla Joomla! 3.8.8 Joomla Joomla! 3.8.9 Joomla Joomla! 3.8.10 Joomla Joomla! 3.8.11 Joomla Joomla! 3.8.12	175

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Nessus

NASL family	CGI abuses
NASL id	JOOMLA_3813.NASL
description	According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.8.13. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	118069
published	2018-10-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118069
title	Joomla! < 3.8.13 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(118069); script_version("1.6"); script_cvs_date("Date: 2019/11/01"); script_cve_id( "CVE-2018-17855", "CVE-2018-17856", "CVE-2018-17857", "CVE-2018-17858", "CVE-2018-17859" ); script_name(english:"Joomla! < 3.8.13 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Joomla!."); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.8.13. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number."); # https://www.joomla.org/announcements/release-news/5747-joomla-3-8-13-release.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?635bf73c"); script_set_attribute(attribute:"solution", value: "Upgrade to Joomla! version 3.8.13 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17858"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/02"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/12"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:joomla:joomla\!"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("joomla_detect.nasl"); script_require_keys("installed_sw/Joomla!", "www/PHP", "Settings/ParanoidReport"); script_require_ports("Services/www", 80); exit(0); } include("http.inc"); include("vcf.inc"); port = get_http_port(default:80, php:TRUE); if (report_paranoia < 2) audit(AUDIT_PARANOID); app_info = vcf::get_app_info(app:"Joomla!", port:port, webapp:TRUE); vcf::check_granularity(app_info:app_info, sig_segments:3); constraints = [ { "min_version" : "1.5.0", "fixed_version" : "3.8.13" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xsrf:TRUE});

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References