exploitDog

CVE-2025-22601

Опубликовано: 04 фев. 2025

Источник: nvd

CVSS3: 3.1

EPSS Низкий

Описание

Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the activate-account route. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://github.com/discourse/discourse/security/advisories/GHSA-gvpp-v7mp-wxxw
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*

Версия до 3.4.0 (исключая)

cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*

cpe:2.3:a:discourse:discourse:3.4.0:beta2:*:*:beta:*:*:*

cpe:2.3:a:discourse:discourse:3.4.0:beta3:*:*:beta:*:*:*

EPSS

Процентиль: 55%

0.00321

Низкий

3.1 Low

CVSS3

Дефекты

CWE-22

EPSS

Процентиль: 55%

0.00321

Низкий

3.1 Low

CVSS3

Дефекты

CWE-22