← Back

CVE-2024-45051

nvd nist
Published: Oct 7, 2024Modified: Sep 25, 2025

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Exploitability: 3.9 / Impact: 4.2
Source: NVD

Description

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (3)

Products: Discourse: Discourse
Discourse
1 product
Discourse
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Discourse
Discourse
Before 3.4.0
Discourse
Before 3.3.2
Discourse
Version 3.4.0 beta1

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (1)

Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.