BIT-JOOMLA-2024-21722 — Vulnetix

BIT-JOOMLA-2024-21722 PUBLISHED CVSS 6.300000190734863 MEDIUM

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.

Risk Scores

CVSS 3.1

6.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
Joomla! Project	Joomla! CMS	3.2.0-3.10.14, 4.0.0-4.4.2, 5.0.0-5.0.2

Exploit Intelligence

https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html (circl)
CIRCL seen: CVE-2024-21722 (circl-sighting)
CIRCL seen: CVE-2024-21722 (circl-sighting)

Timeline

Feb 20, 2024 CVE Published
Feb 22, 2024 PoC Published
Feb 29, 2024 PoC Published

References

https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html vendor-advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›