- Project: Joomla!
- SubProject: CMS
- Impact: Medium
- Severity: Low
- Versions: 3.0.0 through 3.8.7
- Exploit type: Session race condition
- Reported Date: 2017-July-08
- Fixed Date: 2018-May-22
- CVE Number: CVE-2018-11324
A long running background process, such as remote checks for core or extension updates, could create a race condition where a session which was expected to be destroyed would be recreated.
Joomla! CMS versions 3.0.0 through 3.8.7
Upgrade to version 3.8.8
The JSST at the Joomla! Security Centre.