Dear Discuz! X users,

Recently, the Discuz! Security Center discovered a high-risk security issue. **This issue creates security risks for some sites.** Through specially configured or designed requests, accounts can be illegally controlled in specific ways.

**We hope that more security personnel will join the work of maintaining Discuz! X program security.**

Vulnerability Details

For technical details, see: https://paper.seebug.org/1144/

For the security patch, see: https://gitee.com/Discuz/DiscuzX/pulls/1315

Risk level

High

Affected versions
Discuz! X3.1 to Discuz! X3.4 Release 20211022

Safe version
Discuz! X3.4 Release 20211124

Remediation advice

1. The vulnerability has been officially fixed, and affected users are advised to upgrade to the latest version as soon as possible: https://gitee.com/Discuz/DiscuzX/attach_files
2. Users who cannot upgrade to the latest version can refer to https://gitee.com/Discuz/DiscuzX/pulls/1315 to modify the site files.

Note: Back up your data before upgrading, and test and evaluate how your site operates, to avoid accidents.

For more details, please read the Discuz! X Security Bulletin below.

