CVE-2024-49765

Bypass of Discourse Connect using other login paths if enabled in Discourse

Description

Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround.

INFO

Published Date :

2024-12-19T19:15:11.497Z

Last Modified :

2024-12-20T20:00:41.125Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-49765 vulnerability.

Vendors	Products
Discourse	Discourse

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49765.

URL	Resource
https://github.com/discourse/discourse/security/advisories/GHSA-v8rf-pvgm-xxf2

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact