Description
Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the stable branch and version 3.5.0.beta.8 on the tests-passed branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared from the user’s session after authentication, potentially allowing reuse and increasing security risk. This is fixed in versions 3.4.7 and 3.5.0.beta.8.
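The single-use challenge handling that the description implies, as an added Ruby example that is not Discourse's code. The session hash, the method names and the HMAC stand-in for the security key's signature are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-in for an authenticator: a real security key signs with a
# per-credential private key; an HMAC key keeps this example self-contained.
CREDENTIAL_KEY = "constructed-demo-key".freeze

def issue_challenge(session)
  session[:webauthn_challenge] = SecureRandom.hex(32)
end

def sign_assertion(challenge)
  { challenge: challenge,
    signature: OpenSSL::HMAC.digest("SHA256", CREDENTIAL_KEY, challenge) }
end

# Byte-wise comparison that does not stop at the first differing byte.
def same_bytes?(a, b)
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def signature_valid?(expected_challenge, assertion)
  return false if expected_challenge.nil?
  return false unless assertion[:challenge] == expected_challenge
  expected = OpenSSL::HMAC.digest("SHA256", CREDENTIAL_KEY, expected_challenge)
  same_bytes?(assertion[:signature].to_s, expected)
end

# Behaviour described above: the challenge stays in the session after the
# check, so the same signed response verifies a second time.
def verify_keeping_challenge(session, assertion)
  signature_valid?(session[:webauthn_challenge], assertion)
end

# Single-use handling: take the challenge out of the session before checking,
# so each challenge is good for exactly one attempt, pass or fail.
def verify_consuming_challenge(session, assertion)
  signature_valid?(session.delete(:webauthn_challenge), assertion)
end

# Submits one signed response twice against the same session.
def replay_results(verifier)
  session = {}
  assertion = sign_assertion(issue_challenge(session))
  [send(verifier, session, assertion), send(verifier, session, assertion)]
end
```

Removing the challenge before the check, rather than only on success, also means a failed attempt cannot be retried against the same challenge.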
Vulnerable configurations
Configuration 1
Version up to 3.4.6 (excluding)
Version up to 3.5.0 (including)
One of
cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.5.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.5.0:beta2:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.5.0:beta3:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.5.0:beta4:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.5.0:beta5:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.5.0:beta6:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.5.0:beta7:*:*:beta:*:*:*
EPSS
Score: 0.00074 (Low)
Percentile: 23%
CVSS3
9.8 Critical
Weaknesses
CWE-384