Blog

Security Advisory - Staff Permission Escalation

February 12, 2014 | Posted by Cody


Affected Versions

Versions 3.0.0 through 3.0.8, and 3.1.0 are affected.

Description

Active and valid staff members may be able to gain additional permissions through crafted URLs. Because this issue requires that the user have an active and valid staff member account, this is classified as a Moderate vulnerability. Patch release 3.0.9 and 3.1.1 corrects this vulnerability.

Resolution

If you are running 3.0.x upgrade to version 3.0.9. If you are running 3.1.0 upgrade to version 3.1.1.

Related tasks:

  1. CORE-1045

Credits

CORE-1045 was discovered by Nerijus Barauskas at NGnTC.

Tags:

Security Advisory - Cross-site scripting vulnerabilities

December 20, 2013 | Posted by Cody


Affected Versions

Versions 3.0.0 through 3.0.6 are affected.

Description

Some content may be rendered in the client and admin interfaces, as well as through the Support plugin without proper sanitization, possibly making them vulnerable to cross-site scripting (XSS) attacks. Patch release 3.0.7 corrects these vulnerabilities.

Resolution

Upgrade to version 3.0.7, or uninstall the affected plugins. Related tasks:

  1. CORE-877
  2. CORE-931
  3. CORE-932

Credits

CORE-931 was discovered by Clifford Trigo (@mrtrizaeron) and Evan Ricafort (@robinhood0x00). CORE-877 and CORE-932 were discovered by the Blesta Development Team.

Tags:

Security Advisory - Plugin vulnerabilities

October 24, 2013 | Posted by Cody


Affected Versions

Versions 3.0.0 through 3.0.4 are affected.

Description

Some content may be rendered in both the System Overview and Feed Reader plugins without proper sanitization, making them vulnerable to cross-site scripting (XSS) attacks. Patch release 3.0.5 corrects these vulnerabilities. Uninstalling the affected plugins will also mitigate any potential attacks.

Resolution

Upgrade to version 3.0.5, or uninstall the affected plugins. Related tasks:

  1. CORE-829
  2. CORE-830
Credits

These issues were discovered by the Blesta Development Team.

Tags:

Security Advisory – Cross-site scripting vulnerabilities

October 7, 2013 | Posted by Cody


Affected Versions

Versions 3.0.0 through 3.0.3 are affected.

Description

Some messages may be rendered without proper sanitization, making the system vulnerable to cross-site scripting (XSS) attacks through carefully crafted URLs. Two distinct message types are vulnerable to such an attack. Disabling PHP error reporting mitigates one of these vectors. Both issues are fully resolved in patch release 3.0.4.

Resolution

Upgrade to version 3.0.4. Related tasks:

  1. CORE-796
  2. CORE-797
Credits

Thanks to Vlad C. of NetSec Interactive Solutions for reporting these issues.

Tags: