CVE-2024-49765

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-359
View all →

Vulnerability Description

Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround.

Related Vulnerabilities

CVE-2017-16769

MEDIUM
CVSS:5.3(Medium)

Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mod...

CWE-3592017

CVE-2019-15623

MEDIUM
CVSS:5.3(Medium)

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...

CWE-3592019

CVE-2021-21823

MEDIUM
CVSS:5.3(Medium)

An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosur...

CWE-3592021

CVE-2021-22876

MEDIUM
CVSS:5.3(Medium)

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip of...

CWE-3592021

CVE-2021-28559

MEDIUM
CVSS:5.3(Medium)

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. An unauthenticate...

CWE-3592021

CVE-2021-3980

MEDIUM
CVSS:5.3(Medium)

elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

CWE-3592021