Security Advisory – Two-Factor and Privilege Issues
Affected Versions
Versions 3.0.0 through 3.1.3 are affected.
Description
A user with a valid username and password may be able to pass TOTP two-factor authentication by guessing the correct code. This issue is classified as a Low vulnerability. (CORE-1213)
Under limited circumstances, an authenticated staff member may be able to affect settings in the system that ACL restrictions otherwise prohibit them from changing, by sending carefully crafted HTTP POST requests. This issue is classified as a Moderate vulnerability. (CORE-1163)
Resolution
If you are running 3.0.x or 3.1.0 through 3.1.3, upgrade to version 3.1.4 or version 3.2.0.
Related tasks:
- CORE-1163
- CORE-1213
Credits
CORE-1163 was discovered by the Blesta Development Team. CORE-1213 was discovered by Kyle at MemoryX2.
Security Advisory – Various Staff Permission Issues
Affected Versions
Versions 3.0.0 through 3.0.9, and 3.1.0 through 3.1.1 are affected.
Description
Active and valid staff members may be able to access areas of the application without proper ACL permissions. Additionally, staff members may not be logged out immediately after being made inactive. These issues are classified as Moderate vulnerabilities. Patch releases 3.0.10 and 3.1.2 correct these vulnerabilities.
Resolution
If you are running 3.0.x, upgrade to version 3.0.10. If you are running 3.1.x, upgrade to version 3.1.2.
Related tasks:
- CORE-1062
- CORE-1063
- CORE-1064
Credits
CORE-1062 was discovered by Nerijus Barauskas at NGnTC. CORE-1063 and CORE-1064 were discovered by the Blesta Development Team.
Security Advisory - Staff Permission Escalation
Affected Versions
Versions 3.0.0 through 3.0.8, and 3.1.0 are affected.
Description
Active and valid staff members may be able to gain additional permissions through crafted URLs. Because this issue requires that the user have an active and valid staff member account, it is classified as a Moderate vulnerability. Patch releases 3.0.9 and 3.1.1 correct this vulnerability.
Resolution
If you are running 3.0.x, upgrade to version 3.0.9. If you are running 3.1.0, upgrade to version 3.1.1.
Related tasks:
- CORE-1045
Credits
CORE-1045 was discovered by Nerijus Barauskas at NGnTC.
Security Advisory - Cross-site scripting vulnerabilities
Affected Versions
Versions 3.0.0 through 3.0.6 are affected.
Description
Some content may be rendered in the client and admin interfaces, as well as through the Support plugin without proper sanitization, possibly making them vulnerable to cross-site scripting (XSS) attacks. Patch release 3.0.7 corrects these vulnerabilities.
Resolution
Upgrade to version 3.0.7, or uninstall the affected plugins.
Related tasks:
- CORE-877
- CORE-931
- CORE-932
Credits
CORE-931 was discovered by Clifford Trigo (@mrtrizaeron) and Evan Ricafort (@robinhood0x00). CORE-877 and CORE-932 were discovered by the Blesta Development Team.
Security Advisory - Plugin vulnerabilities
Affected Versions
Versions 3.0.0 through 3.0.4 are affected.
Description
Some content may be rendered in both the System Overview and Feed Reader plugins without proper sanitization, making them vulnerable to cross-site scripting (XSS) attacks. Patch release 3.0.5 corrects these vulnerabilities. Uninstalling the affected plugins will also mitigate any potential attacks.
Resolution
Upgrade to version 3.0.5, or uninstall the affected plugins.
Related tasks:
- CORE-829
- CORE-830
Credits
These issues were discovered by the Blesta Development Team.