Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
{
"source": "CPE_STRING",
"cpe": [
"cpe:2.3:a:redmine:redmine:4.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:redmine:redmine:4.2.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "4.2.0"
},
{
"last_affected": "4.2.0"
},
{
"introduced": "4.2.1"
},
{
"last_affected": "4.2.1"
}
]
}