CVE-2024-36113

Date: July 3, 2024

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the "stable" branch, version 3.3.0.beta3 on the "beta" branch, and version 3.3.0.beta4-dev on the "tests-passed" branch, a rogue staff user could suspend other staff users, preventing them from logging in to the site. The issue is patched in version 3.2.3 on the "stable" branch, version 3.3.0.beta3 on the "beta" branch, and version 3.3.0.beta4-dev on the "tests-passed" branch. No known workarounds are available.

Language: Ruby

Severity Score

Weakness Type (CWE)

Missing Authorization

CWE-862

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE
