CVE-2023-37904

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-37904

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37904.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-37904

Aliases

BIT-discourse-2023-37904
GHSA-6wj5-4ph2-c7qg

Published

2023-07-28T15:09:08.049Z

Modified

2026-04-11T12:45:55.632422Z

Severity

2.6 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Discourse Race Condition in Accept Invite

Details

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches. As a workaround, use restrict to email address invites.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-362"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37904.json"
}

References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type: GIT
Repo: https://github.com/discourse/discourse
Events: Introduced

17daf077e2f11def391859f83d294bb71760b1cf

Fixed

c35038b00ba7c6d6534a538ea211b84d54fa0656

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37904.json"