Home > Vulnerability Database > CVE-2022-36068

Mend.io Vulnerability Database

CVE-2022-36068

Date: September 29, 2022

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the "stable" branch and prior to 2.9.0.beta10 on the "beta" and "tests-passed" branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the "stable" branch and version 2.9.0.beta10 on the "beta" and "tests-passed" branches. There are no known workarounds.

Language: Ruby

Severity Score

7.2

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-36068

Url: https://github.com/discourse/discourse/pull/18418

Url: https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6

Url: https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q

Url: https://www.mend.io/vulnerability-database/CVE-2022-36068

Severity Score

7.2

Weakness Type (CWE)

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-36068

Date: September 29, 2022

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?