5 matches found
CVE-2022-31025
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the stable branch and 2.9.0beta5 on the beta and tests-passed branches, inviting users on sites that use single sign-on could bypass the mustapproveusers check and invites by staff are always approved...
Discourse < 2.8.4 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
Discourse 2.9.x < 2.9.0.beta5 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
CVE-2022-31025 Invite bypasses user approval in Discourse
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the stable branch and 2.9.0beta5 on the beta and tests-passed branches, inviting users on sites that use single sign-on could bypass the mustapproveusers check and invites by staff are always approved...
CVE-2022-31025
CVE-2022-31025 affects Discourse; prior to versions 2.8.4 (stable) and 2.9.0beta5 (beta/tests-passed) an SSO-based invite could bypass must_approve_users, causing invites by staff to be auto-approved. A fix is available: Discourse 2.8.4 on stable and 2.9.0.beta5 on beta/tests-passed. Workarounds ...