Vulnerabilities > CVE-2022-36068 - Unspecified vulnerability in Discourse
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
Vulnerable Configurations
References
- https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6
- https://github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6
- https://github.com/discourse/discourse/pull/18418
- https://github.com/discourse/discourse/pull/18418
- https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q
- https://github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263q