CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-3138

HIGH
7.5
CVSS Severity Score
EPSS Score0.1730%
EPSS Percentile18.10th
Published2021年1月14日
Last Modified2024年11月21日

Vulnerability Description

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.

Affected Platforms (CPE)

📦
Discourse

Discourse

<= 2.6.0
📦
Discourse

Discourse

= 2.7.0

References & Advisories

🔗 http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html
🔗 https://github.com/Mesh3l911/Disource
🔗 https://github.com/discourse/discourse/releases
🔗 http://packetstormsecurity.com/files/162256/Discourse-2.7.0-2FA-Bypass.html
🔗 https://github.com/Mesh3l911/Disource
🔗 https://github.com/discourse/discourse/releases

関連する脆弱性情報

CVE-2021-4116310.0

Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to rem...

CVE-2021-327648.1

Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes ...

CVE-2026-447867.5

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026....

CVE-2021-410827.5

Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and...