In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
We have discovered 577 live websites that are affected by CVE-2021-3138.
Product | Discourse |
Category | Message Boards |
Vulnerable Domains | 577 live websites (11.05% of Discourse install base) |
Vulnerable Versions | |
Vulnerable Versions Count | 47 versions ( 49.47% of all versions) |

Country | Websites |
---|---|
United States | 386 websites |
Germany | 43 websites |
Singapore | 21 websites |
China | 18 websites |
France | 17 websites |
GB | 16 websites |
Brazil | 7 websites |
Russia | 7 websites |
Netherlands | 5 websites |

TLD | Websites |
---|---|
.com | 262 websites |
.org | 89 websites |
.net | 26 websites |
.io | 23 websites |
.co | 12 websites |
.de | 11 websites |
.com.br | 8 websites |
.fr | 6 websites |
.ru | 6 websites |
.cn | 5 websites |

Domain | Country | Rank | Contacts |
---|---|---|---|
*********.***.com | France | *,*** | |
*********.*******.org | United States | **,*** | |
******.********.com | United States | **,*** | |
*********.***************.com | United States | **,*** | |
*********.****.ly | United States | ***,*** | |
*************.de | United States | ***,*** | |
*****.***********.com | United States | ***,*** | |
*************.com | United States | ***,*** | |
*********.*********.io | United States | ***,*** | |
*****.org | United States | ***,*** | |