The Joomla! Project this week released version 3.8 of its open-source content management system, which fixes two information disclosure vulnerabilities.
The first of these bugs, designated CVE-2017-14596, resides in the LDAP authentication plugin and affects versions 1.5.0 through 3.7.5. According to a Joomla! Developer Network advisory, the medium-severity flaw consists of inadequate escaping in the plugin, which can result in the disclosure of usernames and passwords.
The second vulnerability, designated CVE-2017-14595, is a low-severity issue that affects CMS versions 3.7.0 through 3.7.5. Another Joomla! advisory describes the problem as a logic bug in a SQL query that "could lead to the disclosure of article intro texts when these articles are in the archived state."
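The advisory for CVE-2017-14596 names inadequate escaping in the LDAP plugin but gives no code. As a general illustration of that bug class (an added example in Python, not Joomla!'s code or its fix; the `uid` attribute, the function names and the sample logins are constructed), the following places a login name in an LDAP search filter with and without the escaping defined in RFC 4515:

```python
# Added illustration: RFC 4515 escaping of a value placed in an LDAP search filter.
# Not Joomla! code. The "uid" attribute, function names and sample logins are constructed.

# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash followed by two hex digits.
_FILTER_SPECIALS = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Return value in a form that is safe as an LDAP filter assertion value."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def build_filter_unescaped(login: str) -> str:
    """The 'before' form: the login is concatenated straight into the filter."""
    return "(uid=" + login + ")"


def build_filter(login: str) -> str:
    """The hardened form: the login is escaped before it enters the filter."""
    return "(uid=" + escape_filter_value(login) + ")"


def filter_structure(filter_text: str) -> dict:
    """Count the characters the LDAP server will treat as filter syntax."""
    return {
        "parens": filter_text.count("(") + filter_text.count(")"),
        "wildcards": filter_text.count("*"),
    }


if __name__ == "__main__":
    # Constructed logins: a plain name, a name containing parentheses, a wildcard.
    for login in ("alice", "O'Brien (ops)", "a*"):
        before, after = build_filter_unescaped(login), build_filter(login)
        print(f"{login!r:18} {before:22} {filter_structure(before)}")
        print(f"{'':18} {after:22} {filter_structure(after)}")
```

With escaping, every filter keeps exactly one pair of parentheses and no wildcard, so the directory compares the login as a literal value whatever the user typed.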