CVE-2024-49765 – Discourse Local Login Bypass Authentication Weakness

12月 19, 2024
9:16 pm

CVE ID : CVE-2024-49765

Published : Dec. 19, 2024, 8:15 p.m. | 1 hour, 1 minute ago

Description : Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-49765 – Discourse Local Login Bypass Authentication Weakness

Elvescore.io

Recent Posts

CVE-2023-31279 – AirVantage Unauthorized Device Registration Remote Command Execution

CVE-2023-31280 – “AirVantage Warranty Checker Unauthenticated Bulk IMEI and Serial Number Enumeration”

CVE-2024-11811 – Feedify – WordPress Web Push Notifications Plugin Reflected Cross-Site Scripting Vulnerability

CVE-2020-13712 – “oMG2000/MG90 Root Command Injection Vulnerability”

CVE-2021-40959 – “Monitorapp AIWAF Reflected Cross-Site Scripting”

CVE-2024-12845 – Emlog Pro Cross Site Scripting Vulnerability

CVE-2024-49765 – Discourse Local Login Bypass Authentication Weakness

CVE-2024-49765 – Discourse Local Login Bypass Authentication Weakness