
CVE-2024-36113
Date: July 3, 2024
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the "stable" branch, version 3.3.0.beta3 on the "beta" branch, and version 3.3.0.beta4-dev on the "tests-passed" branch, a rogue staff user could suspend other staff users, preventing them from logging in to the site. The issue is patched in version 3.2.3 on the "stable" branch, version 3.3.0.beta3 on the "beta" branch, and version 3.3.0.beta4-dev on the "tests-passed" branch. No known workarounds are available.
Language: Ruby
Severity Score
Weakness Type (CWE)
Missing Authorization
CWE-862
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | HIGH |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | HIGH |
| Availability (A): | NONE |