Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Discourse password reset link can lead to in account takeover if user changes to a new email
Vulnerability Description
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is still valid. When the old reset email is used to reset the password, the Discourse account's primary email would be re-linked to the old email. If the old email address is compromised or has transferred ownership, this leads to an account takeover. This is however mitigated by the SiteSetting `email_token_valid_hours` which is currently 48 hours. Users should upgrade to versions 2.8.14 or 3.0.0.beta15 to receive a patch. As a workaround, lower `email_token_valid_hours ` as needed.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Discourse 代码问题漏洞
Vulnerability Description
Discourse是一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 2.8.14之前版本存在代码问题漏洞,该漏洞源于当用户请求密码重置链接邮件,然后改变他们的主邮件,旧的重置邮件仍然有效,当旧的重置邮件被用来重置密码时,Discourse账户的主邮件将被重新链接到旧邮件,如果旧的电子邮件地址被泄露或所有权被转移,这将导致账户接管。
CVSS Information
N/A
Vulnerability Type
N/A