PT-2022-27776 · Discourse · Discourse

Sqeezelemon

Published

2022-12-02

Updated

2024-03-06

CVE-2022-46159

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Discourse versions 2.8.13 and prior Discourse versions 2.9.0.beta14 and prior

Description Discourse is an open-source discussion platform where any authenticated user can create an unlisted topic, potentially taking up unnecessary site resources.

Recommendations For versions 2.8.13 and prior, update to a version after 2.8.13. For versions 2.9.0.beta14 and prior, update to a version after 2.9.0.beta14. As a temporary workaround, consider restricting the ability to create unlisted topics for authenticated users until a patch is available.

Exploit

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BIT-DISCOURSE-2022-46159

CVE-2022-46159

GHSA-QF99-XPX6-HGXP

Affected Products

Discourse

PT-2022-27776 · Discourse · Discourse

CVE-2022-46159

Weakness Enumeration

Related Identifiers

Affected Products

References · 7