
Nathank

#44289 of 53,624
6 Total CVSS
Vulnerabilities · 1
PT-2022-15035
6.0
2022-01-13
Discourse · Discourse · CVE-2022-21684
**Name of the Vulnerable Software and Affected Versions**

- Discourse versions prior to 2.7.13
- Discourse version 2.8.0.beta11 in `beta` and `tests-passed`

**Description**

The issue allows some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must approve users` enabled can bypass the check that does not allow unapproved users to sign in. They will have the same capabilities as an approved user, but will not be able to log back in after logging out.

**Recommendations**

For versions prior to 2.7.13, update to version 2.7.13 or later. For version 2.8.0.beta11 in `beta` and `tests-passed`, update to a later version. As a temporary workaround, consider disabling invites or increasing `min trust level to allow invite` to reduce the attack surface to more trusted users.