BIT-discourse-2022-36068
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2022-36068.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-discourse-2022-36068
- Aliases
-
- CVE-2022-36068
- GHSA-6crr-3662-263q
- Published
- 2024-03-06T11:04:46.895Z
- Modified
- 2024-11-27T19:40:48.342Z
- Summary
- [none]
- Details
-
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the
stablebranch and prior to 2.9.0.beta10 on thebetaandtests-passedbranches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on thestablebranch and version 2.9.0.beta10 on thebetaandtests-passedbranches. There are no known workarounds. - Database specific
{ "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*" ], "severity": "High" }- References
Affected packages
Bitnami / discourse
Package
- Name
- discourse
- Purl
- pkg:bitnami/discourse
Severity
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.8.9
- Type
- SEMVER
- Events
-
Introduced2.9.0-beta1Last affected2.9.0-beta1Introduced2.9.0-beta2Last affected2.9.0-beta2Introduced2.9.0-beta3Last affected2.9.0-beta3Introduced2.9.0-beta4Last affected2.9.0-beta4Introduced2.9.0-beta5Last affected2.9.0-beta5Introduced2.9.0-beta6Last affected2.9.0-beta6Introduced2.9.0-beta7Last affected2.9.0-beta7Introduced2.9.0-beta8Last affected2.9.0-beta8Introduced2.9.0-beta9Last affected2.9.0-beta9