Blesta Various Staff Permission Issues

Blesta is a web-based application for billing and support. Besides WHMCS, Blesta is also used by many web hosting companies for billing and support.

Affected Versions

Blesta versions 3.0.0 through 3.0.9 and versions 3.1.0 through 3.1.1 are affected.

Description

Active and valid staff members may be able to access areas of the application without proper ACL permissions. Additionally, staff members may not be logged out immediately after being made inactive. These staff permission issues are classified as Moderate vulnerabilities. Patch releases 3.0.10 and 3.1.2 correct these vulnerabilities.

Resolution

If you are running 3.0.x, upgrade to version 3.0.10. If you are running 3.1.x, upgrade to version 3.1.2.

Posted in Security.