漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse
Vulnerability Description
Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the entire cluster resulting in a denial of service. Users not running in multisite environments are not affected. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
关键资源的不正确权限授予
Vulnerability Title
Discourse 安全漏洞
Vulnerability Description
Discourse是一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse存在安全漏洞,该漏洞源于以管理员身份登录的用户可以调用SiteSetting类上的任意方法,当在多站点上完成时,可以影响整个集群。受影响的产品和版本:Discourse stable 3.0.1及之前版本,beta 3.1.0.beta2及之前版本,tests-passed 3.1.0.beta2及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A