3 matches found
BIT-DISCOURSE-2022-21684 User can bypass approval when invited to Discourse
Discourse is an open source discussion platform. Versions prior to 2.7.13 in stable, 2.8.0.beta11 in beta, and 2.8.0.beta11 in tests-passed allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with mustapproveusers enabled is going to ...
CVE-2022-31025
CVE-2022-31025 affects Discourse; prior to versions 2.8.4 (stable) and 2.9.0beta5 (beta/tests-passed) an SSO-based invite could bypass must_approve_users, causing invites by staff to be auto-approved. A fix is available: Discourse 2.8.4 on stable and 2.9.0.beta5 on beta/tests-passed. Workarounds ...
CVE-2022-21684 User can bypass approval when invited to Discourse
Discourse is an open source discussion platform. Versions prior to 2.7.13 in stable, 2.8.0.beta11 in beta, and 2.8.0.beta11 in tests-passed allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with mustapproveusers enabled is going to ...