CVE-2022-37458
First published: Fri Sep 02 2022(Updated: )
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Discourse Discourse | <=2.8.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-37458?
CVE-2022-37458 is a vulnerability in Discourse through version 2.8.7 that allows admins to send invitations to arbitrary email addresses at an unlimited rate.
How severe is CVE-2022-37458?
CVE-2022-37458 has a severity rating of 7.2 (high).
How can this vulnerability affect me?
This vulnerability can allow malicious admins to send invitations to arbitrary email addresses, potentially leading to unauthorized access or spam.
How can I fix CVE-2022-37458?
To fix CVE-2022-37458, you should update Discourse to version 2.8.8 or later, which contains the necessary security patches.
Where can I find more information about CVE-2022-37458?
You can find more information about CVE-2022-37458 on the Discourse security advisories page (link: https://github.com/discourse/discourse/security/advisories/GHSA-q2rg-m477-8wg7).
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/discourse
- canonical/discourse discourse
- version/discourse discourse/2.8.7