← Back

CVE-2021-43793

nvd nist
Published: Dec 1, 2021Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: security-advisories@github.com (Secondary)

Description

Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse

Affected (8)

Products: Discourse: Discourse
Discourse
1 product
Discourse
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Discourse
Discourse
Before 2.7.11
Discourse
Version 2.8.0 beta1
Discourse
Version 2.8.0 beta2
Discourse
Version 2.8.0 beta3
Discourse
Version 2.8.0 beta4
Discourse
Version 2.8.0 beta5
Discourse
Version 2.8.0 beta6
Discourse
Version 2.8.0 beta7

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.