{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-46159", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "dateReserved": "2022-11-28T17:27:19.997Z", "datePublished": "2022-12-02T14:15:11.740Z", "dateUpdated": "2025-04-23T16:33:08.773Z"}, "containers": {"cna": {"title": "Any authenticated Discourse user can create an unlisted topic", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp"}, {"name": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382"}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"version": "<= 2.8.13", "status": "affected"}, {"version": ">= 2.9.0.beta0, <= 2.9.0.beta14", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-02T14:15:11.740Z"}, "descriptions": [{"lang": "en", "value": "Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.\n"}], "source": {"advisory": "GHSA-qf99-xpx6-hgxp", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:24:03.376Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp"}, {"name": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:53:15.607538Z", "id": "CVE-2022-46159", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T16:33:08.773Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp", "name": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382", "name": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:24:03.376Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-46159", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:53:15.607538Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:53:16.891Z"}}], "cna": {"title": "Any authenticated Discourse user can create an unlisted topic", "source": {"advisory": "GHSA-qf99-xpx6-hgxp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"status": "affected", "version": "<= 2.8.13"}, {"status": "affected", "version": ">= 2.9.0.beta0, <= 2.9.0.beta14"}]}], "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp", "name": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382", "name": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-02T14:15:11.740Z"}}}, "cveMetadata": {"cveId": "CVE-2022-46159", "state": "PUBLISHED", "dateUpdated": "2025-04-23T16:33:08.773Z", "dateReserved": "2022-11-28T17:27:19.997Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-12-02T14:15:11.740Z", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0A7BB8C-9904-42B5-8D91-0275CCA5D74F", "versionEndIncluding": "2.8.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "406A23B4-B971-4DC8-A132-EE9854FE8546", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "1DD3C47F-E49F-4E19-9EA7-A322C4CFD541", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "E924AC08-6978-4DFF-B616-9E3E9D6FBE1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "B5A3C7FB-B3B6-45F0-AD7D-062A50490AD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take up unnecessary site resources. A patch for this issue is available in the `main` branch of Discourse. There are no known workarounds available.\n"}, {"lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En la versi\u00f3n 2.8.13 y anteriores en la rama `stable` y en la versi\u00f3n 2.9.0.beta14 y anteriores en las ramas `beta` y `tests-passed`, cualquier usuario autenticado puede crear un tema no listado. Estos temas, que no est\u00e1n disponibles para otros usuarios, pueden consumir recursos innecesarios del sitio. Hay un parche para este problema disponible en la rama \"principal\" de Discourse. No se conocen workarounds disponibles."}], "id": "CVE-2022-46159", "lastModified": "2024-11-21T07:30:13.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-02T15:15:10.090", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse/commit/0ce38bd7bce862db251b882613ab7053ca777382"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-qf99-xpx6-hgxp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}