[20180507] – Core – Session deletion race condition

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers!

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Medium
  • Severity: Low
  • Versions: 3.0.0 through 3.8.7
  • Exploit type: Session race condition
  • Reported Date: 2017-July-08
  • Fixed Date: 2018-May-22
  • CVE Number: CVE-2018-11324

Description

A long running background process, such as remote checks for core or extension updates, could create a race condition where a session which was expected to be destroyed would be recreated.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.8.7

Solution

Upgrade to version 3.8.8

Additional Resources

  • Links Go Here

Contact

The JSST at the Joomla! Security Centre.

Reported By: David Jardin, JSST
Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers!

Comments are closed.

>
%d bloggers like this: