4 matches found
CVE-2022-21684
Discourse is an open source discussion platform. Versions prior to 2.7.13 in stable, 2.8.0.beta11 in beta, and 2.8.0.beta11 in tests-passed allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with mustapproveusers enabled is going to ...
CVE-2022-21684 User can bypass approval when invited to Discourse
Discourse is an open source discussion platform. Versions prior to 2.7.13 in stable, 2.8.0.beta11 in beta, and 2.8.0.beta11 in tests-passed allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with mustapproveusers enabled is going to ...
CVE-2022-21684
Discourse (open source platform) contains a login-bypass vulnerability for invited users when must_approve_users is enabled. Affected versions: prior to 2.7.13 (stable) and 2.8.0.beta11 (beta/tests-passed) allow invited users to log in automatically and perform actions of approved users; after lo...
Discourse < 2.7.13 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...