Back to CVE Browser

CVE-2021-3138

HIGH

7.5

CVSS Severity Score

EPSS Score0.1730%

EPSS Percentile18.10th

PublishedJan 14, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.

Affected Platforms (CPE)

📦

Discourse

Discourse

<= 2.6.0

📦

Discourse

Discourse

= 2.7.0

References & Advisories

🔗 http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html

🔗 https://github.com/Mesh3l911/Disource

🔗 https://github.com/discourse/discourse/releases

🔗 http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html

🔗 https://github.com/Mesh3l911/Disource

🔗 https://github.com/discourse/discourse/releases

Related Vulnerabilities

CVE-2021-4116310.0

Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to rem...

CVE-2021-327648.1

Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes ...

CVE-2026-447867.5

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026....

CVE-2021-410827.5

Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and...