Extension was not preventing execution of files outside of the framework, and therefore enabling potential unwanted information disclosure and other attacks using weak hash key implementation.
Update to version 1.9.1 : https://watchful.li/news/watchful-1-9-1-released.html
{"id": "JVEL:207", "vendorId": null, "type": "joomla", "bulletinFamily": "software", "title": "Watchful Client (watchful.li extension), 1.9.0 and lower", "description": "Extension was not preventing execution of files outside of the framework, and therefore enabling potential unwanted information disclosure and other attacks using weak hash key implementation.\n\nUpdate to version 1.9.1 : https://watchful.li/news/watchful-1-9-1-released.html\n", "published": "2014-08-05T10:43:16", "modified": "2014-08-07T19:23:14", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://vel.joomla.org", "reporter": "velteam", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2020-11-13T19:49:17", "viewCount": 1, "enchantments": {"score": {"value": 3.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 3.2}, "affectedSoftware": [], "_state": {"dependencies": 1645532710}}
Watchful Client (watchful.li extension), 1.9.0 and lower