CVE-2019-1020017 - Unspecified vulnerability in Discourse
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: LOW
- Availability impact: NONE

Summary
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
Vulnerable Configurations
References
- https://github.com/discourse/discourse/commit/b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a
- https://github.com/discourse/discourse/commit/e6e47f2fb22764c92aaa90445c7bf203192fba11