Vulnerabilities > CVE-2021-3138 - Improper Restriction of Excessive Authentication Attempts vulnerability in Discourse

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
discourse
CWE-307

Summary

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.

Vulnerable Configurations

Part Description Count
Application
Discourse
733