CVE-2021-3138

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.


We have discovered 577 live websites that are affected by CVE-2021-3138.

Affected Software

Product                    Discourse
Category                   Message Boards
Vulnerable Domains         577 live websites (11.05% of Discourse install base)
Vulnerable Versions        from 0 through 2.7
Vulnerable Versions Count  47 versions (49.47% of all versions)



Details

  • Published - Jan 14, 2021
  • Updated - Aug 3, 2024

CVE-2021-3138 usage by Country

United States  386 websites
Germany        43 websites
Singapore      21 websites
China          18 websites
France         17 websites
GB             16 websites
Brazil         7 websites
Russia         7 websites
Netherlands    5 websites

CVE-2021-3138 usage by TLD

.com     262 websites
.org     89 websites
.net     26 websites
.io      23 websites
.co      12 websites
.de      11 websites
.com.br  8 websites
.fr      6 websites
.ru      6 websites
.cn      5 websites

FAQ

A total of 577 websites have been identified as vulnerable to CVE-2021-3138, discovered through global website indexing conducted by WebTechSurvey.
Discourse is susceptible to the CVE-2021-3138 vulnerability.
Discourse versions up to and including 2.7 are vulnerable to CVE-2021-3138.