CVE-2024-21722

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

History

02 Jun 2025, 15:28

Type Values Removed Values Added
References () https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html - () https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html - Vendor Advisory
First Time Joomla joomla\!
Joomla
CPE cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

21 Nov 2024, 08:54

Type Values Removed Values Added
References () https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html - () https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html -

30 Oct 2024, 18:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.3
Summary
  • (es) Las funciones de administración de MFA no finalizaban correctamente las sesiones de usuario existentes cuando se modificaban los métodos de MFA de un usuario.

29 Feb 2024, 01:44

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-29 01:44

Updated : 2025-06-02 15:28


NVD link : CVE-2024-21722

Mitre link : CVE-2024-21722

CVE.ORG link : CVE-2024-21722


JSON object : View

Products Affected

joomla

  • joomla\!
CWE
CWE-613

Insufficient Session Expiration