CVE-2022-39356

Name of the Vulnerable Software and Affected Versions Discourse (affected versions not specified)

Description Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation.

Recommendations Upgrade to the latest version. As a temporary workaround, consider disabling invitations with SiteSetting.max invites per day = 0 or scope them to individual email addresses.