CVE-2024-21722
MEDIUMJoomla! < 3.10.15 - Insufficient Session Expiration
Title source: ruleDescription
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
Scores
CVSS v3
6.3
EPSS
0.0001
EPSS Percentile
0.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Classification
CWE
CWE-613
Status
published
Affected Products (1)
joomla/joomla\!
< 3.10.15
Timeline
Published
Feb 29, 2024
Tracked Since
Feb 18, 2026