CVE-2022-46159

Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.
Configurations

Configuration 1

OR cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*

History

21 Nov 2024, 07:30

Type | Values Removed | Values Added
References | () https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382 - Patch, Third Party Advisory | () https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382 - Patch, Third Party Advisory
References | () https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp - Third Party Advisory | () https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp - Third Party Advisory
Summary | | (es) Discourse is an open-source discussion platform. In version 2.8.13 and earlier on the `stable` branch and in version 2.9.0.beta14 and earlier on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not available to other users, can consume unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.

Information

Published : 2022-12-02 15:15

Updated : 2024-11-21 07:30


NVD link : CVE-2022-46159

Mitre link : CVE-2022-46159

CVE.ORG link : CVE-2022-46159



Products Affected

discourse

  • discourse
CWE
CWE-770

Allocation of Resources Without Limits or Throttling