SS-2015-024: Queued jobs serialised data exposure
- Severity:
- Low (?)
- Identifier:
- SS-2015-024
- Versions Affected:
- 2.8.1 and below
- Versions Fixed:
- 2.8.3
- Release Date:
- 2015-11-23
SavedJobData and SavedJobMessages contain php serialised data. There's no point showing these to a CMS Admin as they're not human readable. Worse, it might be insecure, as a malicious CMS Admin might be able to craft a payload thats dangerous to unserialise.
This issue has been resolved by hiding this content, even from administrators.