Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-46159

Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.

Published

2022-12-02T15:15:10.090

Last Modified

2024-11-21T07:30:13.710

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	discourse	discourse	≤ 2.8.13	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes

References

https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382 Patch, Third Party Advisory ([email protected])
https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp Third Party Advisory ([email protected])
https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)