How severe is CVE-2022-31096?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2022-31096?

This is classified as CWE-281, which is a common weakness in software security.

CVE-2022-31096

MEDIUM Year: 2022

CVSS v3 Score

5.7

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-281

View all →

Vulnerability Description

Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content which that are restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue.

CVE-2024-43784

MEDIUM

CVSS:5.7(Medium)

lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerabi...

CWE-2812024

CVE-2024-54513

MEDIUM

CVSS:5.7(Medium)

A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access...

CWE-2812024

CVE-2020-16910

MEDIUM

CVSS:5.5(Medium)

<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firm...

CWE-2812020

CVE-2021-0704

MEDIUM

CVSS:5.5(Medium)

In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions ...

CWE-2812021

CVE-2021-30912

MEDIUM

CVSS:5.5(Medium)

The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access ...

CWE-2812021

CVE-2021-35079

MEDIUM

CVSS:5.5(Medium)

Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IO...

CWE-2812021

CVE-2022-31096

Vulnerability Description

Related Vulnerabilities

CVE-2024-43784

CVE-2024-54513

CVE-2020-16910

CVE-2021-0704

CVE-2021-30912

CVE-2021-35079