CVE-2019-1020017

discourse/discourse
on github

Published

Severity

CVSS v3:
5.3 MEDIUM
CVSS v2:
5 MEDIUM

Description

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.

References

Configurations

CPE23Version StartVersion EndExact Version
cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*n/a2.3.0*
cpe:2.3:a:discourse:discourse:2.4.0:beta2:*:*:*:*:*:*n/an/a2.4.0
cpe:2.3:a:discourse:discourse:2.4.0:beta1:*:*:*:*:*:*n/an/a2.4.0

External Links