Unrated severityNVD Advisory· Published Jul 28, 2023· Updated Oct 10, 2024

Discourse Race Condition in Accept Invite

CVE-2023-37904

Description

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches. As a workaround, use restrict to email address invites.

Affected products

Discourse (software)/Discoursev5
Range: >= 3.1.0.beta1, < 3.1.0.beta7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/discourse/discourse/commit/62a609ea2d0645a27ee8adbb01ce10a5e03a600bmitrex_refsource_MISC
github.com/discourse/discourse/security/advisories/GHSA-6wj5-4ph2-c7qgmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000