漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Discourse secure uploads accessible to guests even when login is required
Vulnerability Description
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Discourse 访问控制错误漏洞
Vulnerability Description
Discourse是一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.2.0.beta4之前、3.1.4之前版本存在访问控制错误漏洞,该漏洞源于在特殊的情况下,访客用户也可以访问与帖子关联的安全上传 URL。
CVSS Information
N/A
Vulnerability Type
N/A