Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-36068

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.

Published

2022-09-29T20:15:13.187

Last Modified

2024-11-21T07:12:18.643

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	discourse	discourse	< 2.8.9	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes

References

https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6 Patch, Third Party Advisory ([email protected])
https://github.com/discourse/discourse/pull/18418 Patch, Third Party Advisory ([email protected])
https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q Third Party Advisory ([email protected])
https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/discourse/discourse/pull/18418 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)