Vulnerability DatabaseCVE-2022-36068
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2022-36068
September 29, 2022
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the "stable" branch and prior to 2.9.0.beta10 on the "beta" and "tests-passed" branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the "stable" branch and version 2.9.0.beta10 on the "beta" and "tests-passed" branches. There are no known workarounds.
Related ResourcesĀ (5)
https://github.com/discourse/discourse/pull/18418
https://nvd.nist.gov/vuln/detail/CVE-2022-36068
https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6
https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36068.json
https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Missing Authorization
CWE-862
EPSS
Base Score:
0.34