How severe is CVE-2022-31025?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-31025?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2022-31025 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users.

Related Vulnerabilities

CVE-2016-5063

MEDIUM

CVSS:5.3(Medium)

The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vector...

CWE-2852016

CVE-2016-7651

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intend...

CWE-2852016

CVE-2016-9938

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip...

CWE-2852016

CVE-2018-1113

MEDIUM

CVSS:5.3(Medium)

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemo...

CWE-2852018

CVE-2018-3778

MEDIUM

CVSS:5.3(Medium)

Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized.

CWE-2852018

CVE-2018-3829

MEDIUM

CVSS:5.3(Medium)

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous run...

CWE-2852018