CVE-2018-11324
Published 2018-05-22
Priority: P4 · 28 · medium · 5.9 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 1.33% (67.6th percentile)
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla | joomla_! | < 3.8.8 | 3.8.8 |
CVSS provenance
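| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 9.8 | CRITICAL | |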
GHSA
GHSA-9j47-8fgc-498v: An issue was discovered in Joomla! Core before 3
ghsa_unreviewed·2022-05-14
CVE-2018-11324 [MEDIUM] CWE-362 GHSA-9j47-8fgc-498v: An issue was discovered in Joomla! Core before 3
OSV
python-urllib3 vulnerabilities
osv·2019-05-21·CVSS 9.8
CVE-2018-20060 python-urllib3 vulnerabilities
It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handling cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20060)
It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-11236)
It was discovered that urllib3 incorrectly handled situations where a desired set of CA certificates was specified. This could result in certificates being accepted by the default CA certificates contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-11324)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/104274
http://www.securitytracker.com/id/1040966
https://developer.joomla.org/security-centre/735-20180507-core-session-deletion-race-condition.html
Published: 2018-05-22