HomePentest-Tools.com Logo

Discourse 2.8.0.beta5 Security Update CVE-2021-37633CVE-2021-37693CVE-2021-37703

Severity
CVSSv3 Score
4.3
Vulnerability description

Discourse is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist: - CVE-2021-37633: Rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourses default Content Security Policy. - CVE-2021-37693: When adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email address does not invalidate an unused token which can then be used in other contexts, including resetting a password. - CVE-2021-37703: A users read state for a topic such as the last read post number and the notification level is exposed.

Recommendation

Update to version 2.8.0.beta5 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Aug 9, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available