exploitDog

CVE-2019-1020018

Опубликовано: 29 июл. 2019

Источник: nvd

CVSS3: 7.3

CVSS2: 7.5

EPSS Низкий

Описание

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.

Ссылки

https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade
Patch
Third Party Advisory
https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a
Patch
Third Party Advisory
https://github.com/discourse/discourse/commit/52387be4a44cdeaca5421ee955ba1343e836bade
Patch
Third Party Advisory
https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*

Версия до 2.3.0 (исключая)

cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:*:*:*:*

cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00294

Низкий

7.3 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-pcjq-gxm7-9h27

CVSS3: 7.3

github

больше 3 лет назад

Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via an email link.

EPSS

Процентиль: 52%

0.00294

Низкий

7.3 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287