CVE-2022-31096

Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content which that are restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue.

CVSS v3 5.7 MEDIUM
CVSS v2.0 2.1 LOW

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:S/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r	Third Party Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:discourse:discourse::::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta1::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta2::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta3::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta4::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta5::::::

History

21 Nov 2024, 07:03

Type	Values Removed	Values Added
References	~~() https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r - Third Party Advisory~~	() https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r - Third Party Advisory

Information

Published : 2022-06-27 22:15

Updated : 2024-11-21 07:03

NVD link : CVE-2022-31096

Mitre link : CVE-2022-31096

CVE.ORG link : CVE-2022-31096

JSON object : View

Products Affected

discourse

discourse

CWE

CWE-281

Improper Preservation of Permissions

{"id": "CVE-2022-31096", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2022-06-27T22:15:09.123", "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/discourse/discourse/security/advisories/GHSA-rvp8-459h-282r", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-281"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-281"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content which that are restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue."}, {"lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. Bajo determinadas condiciones, un usuario conectado puede canjear una invitaci\u00f3n con un correo electr\u00f3nico que o bien no coincide con el correo electr\u00f3nico de la invitaci\u00f3n o no es adherido a la restricci\u00f3n de dominio de correo electr\u00f3nico de un enlace de invitaci\u00f3n. El impacto de este fallo es agravado cuando la invitaci\u00f3n ha sido configurada para a\u00f1adir al usuario que acepta la invitaci\u00f3n a grupos restringidos. Una vez que un usuario ha sido a\u00f1adido incorrectamente a un grupo restringido, el usuario puede entonces ser capaz de visualizar contenidos que est\u00e1n restringidos al grupo respectivo. Es recomendado a usuarios actualizar a versiones estables actuales. No se presentan mitigaciones conocidas para este problema"}], "lastModified": "2024-11-21T07:03:53.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "369D642C-A8FC-423F-8A49-D9ECCE3D7B32", "versionEndIncluding": "2.8.4"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104"}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}