[20180507] - Core - Session deletion race condition - Applicacious

[20180507] – Core – Session deletion race condition

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Medium
  • Severity: Low
  • Versions: 3.0.0 through 3.8.7
  • Exploit type: Session race condition
  • Reported Date: 2017-July-08
  • Fixed Date: 2018-May-22
  • CVE Number: CVE-2018-11324

Description

A long-running background process, such as remote checks for core or extension updates, could create a race condition in which a session that was expected to be destroyed would be recreated.
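
The interleaving described above, replayed deterministically against a simplified in-memory session store. This is an added example, not Joomla! code and not the 3.8.8 patch; SessionStore, the $mustExist flag and sessionSurvivesDestroy are hypothetical names, and the guarded write is one general mitigation for this class of race.

```php
<?php
// Simplified in-memory model with hypothetical names; this is not Joomla! code.
final class SessionStore
{
    private array $rows = []; // session id => session data

    public function read(string $id): ?array
    {
        return $this->rows[$id] ?? null;
    }

    // $mustExist = false: blind upsert, so a late writer resurrects a deleted row.
    // $mustExist = true: the write is refused once the row has been destroyed.
    public function write(string $id, array $data, bool $mustExist = false): bool
    {
        if ($mustExist && !array_key_exists($id, $this->rows)) {
            return false;
        }
        $this->rows[$id] = $data;
        return true;
    }

    public function destroy(string $id): void
    {
        unset($this->rows[$id]);
    }
}

// Replays the interleaving: request A loads, request B destroys, request A saves.
function sessionSurvivesDestroy(bool $hardened): bool
{
    $store = new SessionStore();
    $id = 'constructed-session-id';            // constructed sample value
    $store->write($id, ['user' => 'alice']);   // login creates the session

    $copy = $store->read($id);                 // request A starts a long-running update check
    $store->destroy($id);                      // request B destroys the session meanwhile
    $copy['last_check'] = 'done';              // request A finishes its background work
    $store->write($id, $copy, $hardened);      // request A persists its stale copy

    return $store->read($id) !== null;         // true means the destroyed session is back
}

var_dump(sessionSurvivesDestroy(false)); // unguarded write
var_dump(sessionSurvivesDestroy(true));  // guarded write
```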

Affected Installs

Joomla! CMS versions 3.0.0 through 3.8.7

Solution

Upgrade to version 3.8.8

Contact

The JSST at the Joomla! Security Centre.

Reported By: David Jardin, JSST
  • May 22, 2018