CVE-2024-21722

The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.

• https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html
  Vendor Advisory
• https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html
  Vendor Advisory