How severe is CVE-2022-21684?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-21684?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2022-21684 - HIGH Severity | CVSS 8.8

Vulnerability Description

Discourse is an open source discussion platform. Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is going to be automatically logged in, bypassing the check that does not allow unapproved users to sign in. They will be able to do everything an approved user can do. If they logout, they cannot log back in. This issue is patched in the `stable` version 2.7.13, `beta` version 2.8.0.beta11, and `tests-passed` version 2.8.0.beta11. One may disable invites as a workaround. Administrators can increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users.

Related Vulnerabilities

CVE-2012-3462

HIGH

CVSS:8.8(High)

A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of...

CWE-2872012

CVE-2013-4863

HIGH

CVSS:8.8(High)

The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 4...

CWE-2872013

CVE-2013-7051

HIGH

CVSS:8.8(High)

D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters

CWE-2872013

CVE-2015-2880

HIGH

CVSS:8.8(High)

TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.

CWE-2872015

CVE-2015-6397

HIGH

CVSS:8.8(High)

Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that accou...

CWE-2872015

CVE-2015-8332

HIGH

CVSS:8.8(High)

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and pe...

CWE-2872015