CVE-2023-37904

CVSS 3.1 Score 3.1 of 10 (low)

Attack Complexity high
Integrity low
Confidentiality none
Availability none
Scope unchanged
Privileges Required none

Details

Published Jul 28, 2023
Updated: Aug 3, 2023
CWE ID 362

Summary

CVE-2023-37904 is a vulnerability affecting Discourse, an open-source discussion platform. Before the release of versions 3.0.6 for the stable branch and 3.1.0.beta7 for the beta and tests-passed branches, unlimited user creation was possible through invite links. This issue allowed more users than the permitted number to be created, posing a potential security risk. The vulnerability has been addressed in these versions, and it is recommended to use email address invites with the 'restrict' setting as a workaround until updating.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share