CVE-2023-37904
LowCVSS 2.6Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
Discourse is an open source discussion platform, where prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in versions 3.0.6 and 3.1.0.beta7.
Risk Assessment
Organizations may be exposed to unauthorized user account creation, which could lead to abuse and data security issues.
Recommendation
It is recommended to upgrade to version 3.0.6 or 3.1.0.beta7. As a workaround, restrict invites to email addresses.
Original NVD description (English source)
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.

