CVE-2024-45051— Discourse 授权问题漏洞

Bypass of email address validation via encoded email addresses in Discourse

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

认证机制不恰当

Discourse 授权问题漏洞

Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse存在授权问题漏洞，该漏洞源于存在恶意制作的电子邮件地址，允许攻击者绕过基于域的限制并访问私人网站、类别和/或群组。

N/A

N/A