Unrated severityNVD Advisory· Published Oct 7, 2024· Updated Oct 8, 2024
Bypass of email address validation via encoded email addresses in Discourse
CVE-2024-45051
Description
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.
Affected products
1- Range: stable: < 3.3.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/discourse/discourse/security/advisories/GHSA-2vjv-pgh4-6rmqmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.