Vulnerabilities > CVE-2022-31184 - Unspecified vulnerability in Discourse

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
discourse
NVD
Published: 2022-08-01
Updated: 2024-11-21

Summary

Discourse is the an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email.

Vulnerable Configurations

Part Description Count
Application
Discourse
833

References