CVE-2022-46159
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Discourse is an open-source discussion platform. In version 2.8.13 and prior on the stable branch and version 2.9.0.beta14 and prior on the beta and tests-passed branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the main branch of Discourse. There are no known workarounds available.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| discourse | discourse | <= 2.8.13 | affected |
| discourse | discourse | >= 2.9.0.beta0, <= 2.9.0.beta14 | affected |
Weaknesses
- CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp
- https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp
- https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.