Bill Katula Posted July 13 Posted July 13 Hi, I recently had to restore a site and noticed some log entries referencing applications/core/interface/ckeditor/ckeditor/plugins/ related to malicious activity and I see that was reported as a possible vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2024-30162 There was also another report for a SQL injection. https://nvd.nist.gov/vuln/detail/CVE-2024-30163 Were these addressed in 4.7.17? Thanks AlexJ 1
Solution Stuart Silvester Posted July 13 Solution Posted July 13 We reviewed the report now identified as CVE-2024-30162. It was determined this was not a valid issue. The issue identified in CVE-2024-30163 was fixed in 4.7.16 as noted in the NIST page and in our release notes flagged as a security release - https://invisioncommunity.com/release-notes/4716-r128/ It's with noting that if you have security questions or concerns you can reach out to us privately via our contact page. AlexJ 1
Bill Katula Posted July 13 Author Posted July 13 Ah okay. Thanks for the quick response. Since the contact form only listed sales/billing I assumed this was where I should go.
Marc Posted July 15 Posted July 15 On 7/13/2024 at 11:25 PM, Bill Katula said: Ah okay. Thanks for the quick response. Since the contact form only listed sales/billing I assumed this was where I should go. No problem. Feel free to hit billing if needed. We can always forward you to the right place if needed 🙂
Recommended Posts