PT-2019-11632 · Discourse · Discourse
Published: 2019-07-29 · Updated: 2023-03-03
CVE-2019-1020017
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Discourse versions prior to 2.3.0
Discourse versions 2.4.x prior to 2.4.0.beta3
Description:
Discourse lacks a confirmation screen when logging in via a user-api OTP.
Recommendations:
For versions prior to 2.3.0, update to version 2.3.0 or later.
For versions 2.4.x prior to 2.4.0.beta3, update to version 2.4.0.beta3 or later.
Affected Products
Discourse