7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.8%
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable
branch and prior to 2.9.0.beta10 on the beta
and tests-passed
branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the stable
branch and version 2.9.0.beta10 on the beta
and tests-passed
branches. There are no known workarounds.
[
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "< 2.8.9"
},
{
"status": "affected",
"version": ">= 2.9.0.beta0, < 2.9.0.beta10"
}
]
}
]
More
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.8%