CVE-2021-43793

Опубликовано: 01 дек. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse

Ссылки

https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab
Patch
Third Party Advisory
https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b
Patch
Third Party Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx
Third Party Advisory
https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab
Patch
Third Party Advisory
https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b
Patch
Third Party Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*

Версия до 2.7.11 (исключая)

cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*

cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*

cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*

cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*

cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*

cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*

cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00234

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-269

NVD-CWE-Other