PT-2024-33675 · Discourse · Discourse
Pmusaraj · Published 2024-12-19 · Updated 2025-09-26 · CVE-2024-49765
CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Discourse versions prior to the latest version
Description:
The issue affects sites using Discourse Connect with local logins enabled, potentially allowing attackers to bypass Discourse Connect and create accounts or log in. This problem has been patched in the latest version of Discourse.
Recommendations:
For versions prior to the latest version, as a temporary workaround, consider disabling all other login methods except Discourse Connect to minimize the risk of exploitation.
Update to the latest version of Discourse to fully resolve the issue.
Affected Products
Discourse