4.3

CVE-2021-43793

Bypass of Poll voting limits in Discourse

Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DiscourseDiscourse Version < 2.7.11
DiscourseDiscourse Version2.8.0 Updatebeta1
DiscourseDiscourse Version2.8.0 Updatebeta2
DiscourseDiscourse Version2.8.0 Updatebeta3
DiscourseDiscourse Version2.8.0 Updatebeta4
DiscourseDiscourse Version2.8.0 Updatebeta5
DiscourseDiscourse Version2.8.0 Updatebeta6
DiscourseDiscourse Version2.8.0 Updatebeta7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.76% 0.503
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
security-advisories@github.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/discourse/discourse/commit/0c6b9df77bac9c6f7c7e2eadf6fe100064afdeab
Patch
Third Party Advisory
https://github.com/discourse/discourse/commit/1d0faedfbc3a8b77b971dc70d25e30791dbb6e0b
Patch
Third Party Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-jq7h-44vc-h6qx
Third Party Advisory