Impact
On sites with Patreon login enabled, this vulnerability could be used to take control of a victim's forum account.
Patches
This vulnerability is patched in the latest version of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login.
Workarounds
Disable the Patreon integration and log out all users with associated Patreon accounts.