4 matches found
CVE-2022-46177
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, when a user requests a password reset link email and then changes their primary email, the old reset email is still valid. When the old...
CVE-2022-46177

creationtimestamp| type| source
---|---|---
2023-01-05 22:19:23+00:00| seen| https://t.me/cibsecurity/56010
2025-03-10 21:39:28+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/7071...

CVE-2022-46177
Discourse vulnerability CVE-2022-46177 affects Discourse versions prior to 2.8.14 (stable) and prior to 3.0.0.beta15 (beta/tests-passed). If a user requests a password-reset link and then changes the primary email, the old reset email can remain valid; using it to reset the password re-links the ...
CVE-2022-46177 Discourse password reset link can lead to account takeover if user changes to a new email
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, when a user requests a password reset link email and then changes their primary email, the old reset email is still valid. When the old...