Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Discourse 2.7.8 Security Update
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Discourse is prone to multiple vulnerabilities.
Insight
Insight
The following vulnerabilities exist: - CVE-2021-37633: Rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. - CVE-2021-37693: When adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email address does not invalidate an unused token which can then be used in other contexts, including resetting a password. - CVE-2021-37703: A user's read state for a topic such as the last read post number and the notification level is exposed.
Affected Software
Affected Software
Discourse prior to version 2.7.8.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 2.7.8 or later.