| Reporter | Title | Published | Views | Family All 26 |
|---|---|---|---|---|
| The vulnerability of the NGINX software configuration, which manages the Discourse mailing list, allows a hacker to cause a service failure. | 6 Mar 202300:00 | – | bdu_fstec | |
| CVE-2022-31182 | 2 Aug 202200:17 | – | circl | |
| CVE-2022-31184 | 2 Aug 202200:17 | – | circl | |
| Discourse 安全漏洞 | 1 Aug 202200:00 | – | cnnvd | |
| Discourse 安全漏洞 | 1 Aug 202200:00 | – | cnnvd | |
| CVE-2022-31182 | 1 Aug 202219:40 | – | cve | |
| CVE-2022-31184 | 1 Aug 202219:40 | – | cve | |
| CVE-2022-31182 Cache poisoning via maliciously-formed request in Discourse | 1 Aug 202219:40 | – | cvelist | |
| CVE-2022-31184 Email activation route can be abused by spammers in Discourse | 1 Aug 202219:40 | – | cvelist | |
| EUVD-2022-52779 | 3 Oct 202520:07 | – | euvd |
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:discourse:discourse";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.148552");
script_version("2025-04-11T15:45:04+0000");
script_tag(name:"last_modification", value:"2025-04-11 15:45:04 +0000 (Fri, 11 Apr 2025)");
script_tag(name:"creation_date", value:"2022-08-02 03:10:24 +0000 (Tue, 02 Aug 2022)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-08-09 18:48:00 +0000 (Tue, 09 Aug 2022)");
script_cve_id("CVE-2022-31182", "CVE-2022-31184");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Discourse 2.9.x < 2.9.0.beta7 Multiple Vulnerabilities");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_discourse_http_detect.nasl");
script_mandatory_keys("discourse/detected");
script_tag(name:"summary", value:"Discourse is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The following vulnerabilities exist:
- CVE-2022-31182: Cache poisoning via maliciously-formed request
- CVE-2022-31184: Email activation route can be abused by spammers");
script_tag(name:"affected", value:"Discourse version 2.9.x prior to 2.9.0.beta7.");
script_tag(name:"solution", value:"Update to version 2.9.0.beta7 or later.");
script_xref(name:"URL", value:"https://github.com/discourse/discourse/security/advisories/GHSA-4ff8-3j78-w6pp");
script_xref(name:"URL", value:"https://github.com/discourse/discourse/security/advisories/GHSA-m5w9-8gp8-2hrf");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_in_range(version: version, test_version: "2.9.0.beta1", test_version2: "2.9.0.beta6")) {
report = report_fixed_ver(installed_version: version, fixed_version: "2.9.0.beta7", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation