Vulnerability Details : CVE-2022-31025
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users.
Vulnerability category: BypassGain privilege
Products affected by CVE-2022-31025
- cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-31025
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 44 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-31025
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9
|
1.4
|
NIST | |
2.6
|
LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N |
1.2
|
1.4
|
GitHub, Inc. |
CWE ids for CVE-2022-31025
-
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.Assigned by: security-advisories@github.com (Secondary)
-
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-31025
-
https://github.com/discourse/discourse/pull/16974
SECURITY: Remove auto approval when redeeming an invite by gschlager · Pull Request #16974 · discourse/discourse · GitHubPatch;Third Party Advisory
-
https://github.com/discourse/discourse/pull/16984
FIX: Approves user when redeeming an invite for invites only sites by tgxworld · Pull Request #16984 · discourse/discourse · GitHubPatch;Third Party Advisory
-
https://github.com/discourse/discourse/commit/7c4e2d33fa4b922354c177ffc880a2f2701a91f9
SECURITY: Remove auto approval when redeeming an invite (#16974) · discourse/discourse@7c4e2d3 · GitHubPatch;Third Party Advisory
-
https://github.com/discourse/discourse/security/advisories/GHSA-x7jh-mx5q-6f9q
Invite bypasses user approval · Advisory · discourse/discourse · GitHubThird Party Advisory
-
https://github.com/discourse/discourse/commit/0fa0094531efc82d9371f90a02aa804b176d59cf
FIX: Approves user when redeeming an invite for invites only sites (#… · discourse/discourse@0fa0094 · GitHubPatch;Third Party Advisory
Jump to