CVE-2024-26145

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 21, 2024
Updated: Feb 22, 2024
CWE ID 863

Summary

CVE-2024-26145 is a vulnerability affecting Discourse Calendar. This issue allows uninvited users to access private events by crafting a request to update their attendance in the first post of a topic. The flaw exists due to insufficient access controls. A fix for this problem has been implemented in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a temporary measure, users can restrict calendar post visibility to limit access to this feature.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share