Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:20 a.m.4 views

CVE-2022-46177

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is still valid. When the old...

8.1CVSS6.9AI score0.00679EPSS
Exploits0References1
Circl
Circl
added 2023/01/05 10:19 p.m.5 views

CVE-2022-46177

creationtimestamp| type| source ---|---|--- 2023-01-05 22:19:23+00:00| seen| https://t.me/cibsecurity/56010 2025-03-10 21:39:28+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/7071...

8.1CVSS7.8AI score0.00679EPSS
Exploits0References2
CVE
CVE
added 2023/01/05 7:48 p.m.70 views

CVE-2022-46177

Discourse vulnerability CVE-2022-46177 affects Discourse versions prior to 2.8.14 (stable) and prior to 3.0.0.beta15 (beta/tests-passed). If a user requests a password-reset link and then changes the primary email, the old reset email can remain valid; using it to reset the password re-links the ...

8.1CVSS6.7AI score0.00679EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/05 7:48 p.m.8 views

CVE-2022-46177 Discourse password reset link can lead to in account takeover if user changes to a new email

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is still valid. When the old...

5.7CVSS7AI score0.00679EPSS
Exploits0References3
Rows per page
Query Builder