Описание
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.4 (исключая)
Одно из
cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*
EPSS
Процентиль: 52%
0.00286
Низкий
3.1 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-284
EPSS
Процентиль: 52%
0.00286
Низкий
3.1 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-284