cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-46241,https://securityvulnerability.io/vulnerability/CVE-2023-46241,Discourse Plugin Vulnerability Affects Microsoft Authentication,"The `discourse-microsoft-auth` plugin, designed for Microsoft-based user authentication on Discourse platforms, contains a vulnerability that may expose user accounts to unauthorized control. This issue arises when sites are configured with account types beyond `Accounts in this organizational directory only (O365 only - Single tenant)`. Attackers may exploit this configuration to manipulate user accounts, potentially compromising sensitive information. Affected sites are advised to apply the patch available in commit c40665f44509724b64938c85def9fb2e79f62ec8, which includes a new `microsoft_auth:revoke` rake task. This task not only logs out affected users but also revokes their API keys and disconnects their accounts from Microsoft. Administrators can temporarily mitigate risk by disabling the plugin until the patch is fully implemented.",Discourse,Discourse-microsoft-auth,8.1,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2024-02-21T16:08:41.494Z,0