CVE-2022-46159

Summary

Discourse is an open-source discussion platform. In version 2.8.13 and prior on the stable branch and version 2.9.0.beta14 and prior on the beta and tests-passed branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the main branch of Discourse. There are no known workarounds available.

Affected Software

VendorProductVersion RangeStatus
discoursediscourse<= 2.8.13affected
discoursediscourse>= 2.9.0.beta0, <= 2.9.0.beta14affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References