CNNVD-202601-4663 Information
CNNVD ID
CNNVD-202601-4663
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.4之前版本、2025.11.2之前版本、2025.12.1之前版本和2026.1.0之前版本存在安全漏洞,该漏洞源于权限提升漏洞允许非管理员版主绕过电子邮件更改限制,可能导致账户接管。
Description (English)
Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. There is a security loophole in previous versions of Discourse 3.5.4, 2025.11.2, 2025.12.1 and before 2026.1.0, which stems from a power-upgrading loophole that allows non-administrators to circumvent e-mail change restrictions that may lead to account takeover.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Discourse
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/discourse/discourse/security/advisories/GHSA-p39j-x54c-rwqq https://access.redhat.com/security/cve/cve-2025-69289
Patch
https://github.com/discourse/discourse/tags
Share on: