ГлавнаяУязвимости → CVE-2025-68479
7.1высокая

CVE-2025-68479

Описание

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, some subscription endpoints lack proper checking for ownership before making changes. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.

Затрагиваемое ПО
Discourse Discourse
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Источники
https://github.com/discourse/discourse/security/advisories/GHSA-6gjr-5897-m327