CVE-2024-49765

CRITICAL9.1EPSS 0.18%

Bypass of Discourse Connect using other login paths if enabled in Discourse

發布日:2024/12/23修改日:2025/8/27

描述

Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround.

受影響套件(1)

Bitnami/discoursefrom 0, < 3.3.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

參考連結(2)

WEBhttps://github.com/discourse/discourse/security/advisories/GHSA-v8rf-pvgm-xxf2
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-49765