Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

SS-2015-024: Queued jobs serialised data exposure

Severity:
Low (?)
Identifier:
SS-2015-024
Versions Affected:
2.8.1 and below
Versions Fixed:
2.8.3
Release Date:
2015-11-23

SavedJobData and SavedJobMessages contain php serialised data. There's no point showing these to a CMS Admin as they're not human readable. Worse, it might be insecure, as a malicious CMS Admin might be able to craft a payload thats dangerous to unserialise.

This issue has been resolved by hiding this content, even from administrators.

Common Vulnerability Scoring System (CVSS) Information