HomePentest-Tools.com Logo

Discourse 2.9.x < 2.9.0.beta6 Information Disclosure Vulnerability CVE-2022-31096

Severity
CVSSv3 Score
5.7
Vulnerability description

Discourse is prone to an information disclosure vulnerability.

Risk description

Under certain conditions, a logged in user can redeem an invite with an email that either doesnt match the invites email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content which that are restricted to the respective group.

Recommendation

Update to version 2.9.0.beta6 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 27, 2022
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available