CVE-2019-1020018

Summary

Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.

Affected Software

VendorProductVersion RangeStatus
n/aDiscourse< 2.3.0affected
n/aDiscourse2.4.0.beta1affected
n/aDiscourse2.4.0.beta2affected
n/aDiscoursefixed in 2.4.0.beta3affected

Weaknesses

  • lacks a confirmation screen

ADP Enrichment

CVE Program Container

Additional References

References