PT-2024-31403 · Discourse · Discourse

Nattsw · Published 2024-10-07 · Updated 2025-09-25 · CVE-2024-45051

CVSS v3.1

8.2 High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Discourse versions prior to the latest stable, beta and tests-passed version

Description

A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories, and/or groups. This issue has been patched in the latest stable, beta, and tests-passed version of Discourse. There are no known workarounds for this issue.

Recommendations

Upgrade to the latest stable, beta, or tests-passed version of Discourse to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to private sites, categories, and/or groups until the upgrade is complete. Avoid using encoded email addresses in the affected Discourse email handler until the issue is resolved.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2024-45051
CVE-2024-45051
GHSA-2VJV-PGH4-6RMQ

Affected Products

Discourse