Unrated severityNVD Advisory· Published Sep 29, 2022· Updated Apr 23, 2025

Discourse moderators can edit themes via the API

CVE-2022-36068

Description

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the stable branch and version 2.9.0.beta10 on the beta and tests-passed branches. There are no known workarounds.

Affected products

Discourse (software)/Discoursev5
Range: < 2.8.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/discourse/discourse/commit/ae1e536e83940d58f1c79b835c75c249121c46b6mitrex_refsource_MISC
github.com/discourse/discourse/pull/18418mitrex_refsource_MISC
github.com/discourse/discourse/security/advisories/GHSA-6crr-3662-263qmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000