- Project: Joomla!
- SubProject: CMS
- Impact: Medium
- Severity: Low
- Versions: 3.0.0 through 3.8.7
- Exploit type: Session race condition
- Reported Date: 2017-July-08
- Fixed Date: 2018-May-22
- CVE Number: CVE-2018-XXXX
Description
A long running background process, such as remote checks for core or extension updates, could create a race condition where a session which was expected to be destroyed would be recreated.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.8.7
Solution
Upgrade to version 3.8.8
Additional Resources
- Links Go Here
Contact
The JSST at the Joomla! Security Centre.
Reported By: David Jardin, JSST