Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Re-use of email tokens in Discourse
Vulnerability Description
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email address does not invalidate an unused token which can then be used in other contexts, including reseting a password.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
忘记口令恢复机制弱
Vulnerability Title
Discourse 代码问题漏洞
Vulnerability Description
Discourse是一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 2.7.8之前版本和2.8.0.beta4之前版本存在安全漏洞。该漏洞源于当向Discussion站点上的现有帐户添加其他电子邮件地址时,将生成电子邮件令牌,作为电子邮件验证过程的一部分。删除额外的电子邮件地址不会使未使用的令牌失效,该令牌可用于其他上下文,包括重置密码
CVSS Information
N/A
Vulnerability Type
N/A