Any authenticated user can create an unlisted topic

Low
jomaxro published GHSA-qf99-xpx6-hgxp Dec 2, 2022

Package

No package listed

Affected versions

stable <= 2.8.13; beta <= 2.9.0.beta14; tests-passed <= 2.9.0.beta14

Patched versions

stable > 2.8.13; beta > 2.9.0.beta14; tests-passed > 2.9.0.beta14

Description

Impact

Any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources.

Patches

This issue is patched in the latest stable, beta and tests-passed versions of Discourse.

Workarounds

There are no workarounds available.

Severity

Low 0.0 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: None
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N

CVE ID

CVE-2022-46159

Weaknesses

No CWEs

Credits