Discourse < 2.8.5 Information Disclosure Vulnerability CVE-2022-31096
- CVSSv3 Score
- Vulnerability description
Discourse is prone to an information disclosure vulnerability.
- Risk description
Under certain conditions, a logged in user can redeem an invite with an email that either doesnt match the invites email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content which that are restricted to the respective group.
Update to version 2.8.5 or later.
- Not available