CIVI-SA-2020-11: CSRF on CKEditor Configuration Form

Published 2020-08-19 09:00

CiviCRM did not provide sufficient protection on the CKEditor configuration form, which could allow a malicious third-party to trick a CiviCRM administrator into changing the configuration.

Note: This form had another vulnerability in the same version. The risk from two overlapping vulnerabilities may be greater than the risk of each individually.

CIVI-SA-2020-09: Privilege Escalation via ACL Smart Groups

Published 2020-08-19 09:00

In CiviCRM, an Access Control List (ACL) confers limited access to contact records (based on the membership list for a "Group" of contacts). In configurations with "ACL Smart Groups", a flaw allowed limited backend users to re-define their group criteria and gain elevated access. The fix ensures that only trusted users (with permission "edit groups") may re-define the group criteria.

Movement Communications Director

Published 2020-08-13 22:46

Summary
You are a community-centered leader ready to inspire the people who set knowledge free as a global movement.
The Wikimedia Foundation is the non-profit organization that operates Wikipedia—serving nearly half a billion users every month—and its related knowledge projects. We are supported by a community of more than 250,000 global volunteers.

We’d like you to:

Fundraising Operations Associate

Published 2020-08-10 10:18

Location: Remote

Summary

The Wikimedia Foundation’s Fundraising Operations Associate is part of the fundraising team, which conducts worldwide campaigns across nearly 40 countries and 20 languages, collecting small online donations (averaging about $15) as well as large and small offline donations to support the Wikimedia Foundation’s mission to empower and engage people around the world with free knowledge.