Home > Vulnerability Database > CVE-2024-36113

Mend.io Vulnerability Database

CVE-2024-36113

Date: July 3, 2024

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the "stable" branch, version 3.3.0.beta3 on the "beta" branch, and version 3.3.0.beta4-dev on the "tests-passed" branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue is patched in version 3.2.3 on the "stable" branch, version 3.3.0.beta3 on the "beta" branch, and version 3.3.0.beta4-dev on the "tests-passed" branch. No known workarounds are available.

Language: Ruby

Severity Score

4.9

Related Resources (5)

Url: https://github.com/discourse/discourse/commit/8470546f59b04bd82ce9b711406758fd5439936d

Url: https://github.com/discourse/discourse/commit/9c4a5f39d3ad351410a1453ff5e5f7ffce17cd7e

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-36113

Url: https://github.com/discourse/discourse/security/advisories/GHSA-3w3f-76p7-3c4g

Url: https://www.mend.io/vulnerability-database/CVE-2024-36113

Severity Score

4.9

Weakness Type (CWE)

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-36113

Date: July 3, 2024

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?