CVE-2023-37904 - Unspecified vulnerability in Discourse
- Attack vector: NETWORK
- Attack complexity: HIGH
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: LOW
- Availability impact: NONE

Summary
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use invites that are restricted to an email address.
References
- https://github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600b
- https://github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qg