CNNVD-202507-3657 Information
CNNVD ID
CNNVD-202507-3657
Related CVE
- CNNVD Published: 2025-07-29
Description (Chinese)
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.4.7之前版本和3.5.0.beta.8之前版本存在授权问题漏洞,该漏洞源于WebAuthn挑战未清除,可能导致安全风险增加。
Description (English)
Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. There is a mandate gap in previous versions of Discourse 3.4.7 and 3.5.0.beta.8, which stems from the fact that the WebAuthn challenge has not been cleared and may lead to increased security risks.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
Discourse
Published
2025-07-29
Last Modified
2026-02-24
References
https://github.com/discourse/discourse/commit/20bf65099bb861a141bc10e8a4eab65329d91802 https://github.com/discourse/discourse/commit/8bc0cee2c00a514ea60f33ea6172da2ce5a05beb https://github.com/discourse/discourse/security/advisories/GHSA-hv49-93h5-4wcv
Patch
https://github.com/discourse/discourse/commit/20bf65099bb861a141bc10e8a4eab65329d91802
Share on: