PT-2019-11633 · Discourse · Discourse
Published: 2019-07-29 · Updated: 2022-04-18 · CVE-2019-1020018
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Discourse versions prior to 2.3.0
Discourse versions 2.4.x prior to 2.4.0.beta3
Description:
Discourse does not show a confirmation screen when a user logs in via an email link, which may lead to unauthorized access.
Recommendations:
For versions prior to 2.3.0, update to version 2.3.0 or later.
For versions 2.4.x prior to 2.4.0.beta3, update to version 2.4.0.beta3 or later.
Fix
Improper Authentication
Affected Products
Discourse