CVE-2022-31184
CVSS V2 None
CVSS V3 High 7.5
Description
Discourse is the an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email.
Overview
- CVE ID
- CVE-2022-31184
- Assigner
- security-advisories@github.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-08-01T20:15:08
- Last Modified Date
- 2022-08-09T18:48:58
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:* | 1 | OR | 2.8.6 | |
| cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:* | 1 | OR |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- NONE
- Availability Impact
- HIGH
- Base Score
- 7.5
- Base Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 3.6
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-31184 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31184 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-08-01 21:00:35 | Added to TrackCVE |