CVE-2022-46177

Published: Jan 5, 2023

Modified: Mar 10, 2025

PUBLISHED

CVSS v3.1

5.7

MEDIUM

Description

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is still valid. When the old reset email is used to reset the password, the Discourse account's primary email would be re-linked to the old email. If the old email address is compromised or has transferred ownership, this leads to an account takeover. This is however mitigated by the SiteSetting `email_token_valid_hours` which is currently 48 hours. Users should upgrade to versions 2.8.14 or 3.0.0.beta15 to receive a patch. As a workaround, lower `email_token_valid_hours ` as needed.

Vendor	Product	Versions
discourse	discourse	affected `< 2.8.14` affected `>= 2.9.0.beta0, < 3.0.0.beta16`

Weaknesses (CWE)

CWE-613

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

References

https://github.com/discourse/discourse/security/advisories/GHSA-5www-jxvf-vrc3

x_refsource_CONFIRM

https://github.com/discourse/discourse/commit/4bf306f0e3bf54a9ef9c5886bf1cfb85c20da570

x_refsource_MISC

https://github.com/discourse/discourse/commit/83944213b2b2454af80d0407f60d67641b1f0b38

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-46177

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References