4 matches found
Discourse 2.9.x < 2.9.0.beta9 Email Invitation Vulnerability
Discourse is prone to a vulnerability where email invitations to topics are not rate limited in some cases. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2022-37458
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate...
CVE-2022-37458
CVE-2022-37458 affects Discourse up to version 2.8.7, where admins can invite arbitrary email addresses at an unlimited rate. Public sources describe the issue as a rate-limiting/ invitation-surfeit vulnerability in Discourse (2.8.x). The NVD entry lists CVSS3.1 base metrics: AV:N, AC:L, PR:H, UI...
CVE-2022-35958
CVE-2022-35958 is rejected/not used; reference CVE-2022-37458 instead.