Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

SS-2015-024: Queued jobs serialised data exposure

Low (?)
Versions Affected:
2.8.1 and below
Versions Fixed:
Release Date:

SavedJobData and SavedJobMessages contain php serialised data. There's no point showing these to a CMS Admin as they're not human readable. Worse, it might be insecure, as a malicious CMS Admin might be able to craft a payload thats dangerous to unserialise.

This issue has been resolved by hiding this content, even from administrators.

Common Vulnerability Scoring System (CVSS) Information