{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T21:34:34.091","vulnerabilities":[{"cve":{"id":"CVE-2022-39385","sourceIdentifier":"security-advisories@github.com","published":"2022-11-14T21:15:15.007","lastModified":"2024-11-21T07:18:11.163","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is the an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this, it happens transparently in the background. This issue has been resolved in commit `a414520742` and will be included in future releases. Users are advised to upgrade. Users are also advised to set `SiteSetting.max_invites_per_day` to 0 until the patch is installed."},{"lang":"es","value":"Discourse es una plataforma de discusión de código abierto. En algunos casos excepcionales, los usuarios que canjean una invitación pueden ser agregados como participantes a varios temas de mensajes privados a los que no se les debe agregar. No se les notifica esto, sucede de forma transparente en segundo plano. Este problema se resolvió en el commit \"a414520742\" y se incluirá en versiones futuras. Se recomienda a los usuarios que actualicen. También se recomienda a los usuarios que establezcan `SiteSetting.max_invites_per_day` en 0 hasta que se instale el parche."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.10","matchCriteriaId":"6B12D112-6E19-48E4-92C4-0719F6719929"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*","matchCriteriaId":"B3803EF9-A296-42B7-887F-93C5E68E94C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*","matchCriteriaId":"35BAC488-3622-4B0B-B8EA-879E8C68E8CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*","matchCriteriaId":"8BA3D313-3C11-43E2-A47D-CBB532D1B6F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*","matchCriteriaId":"6F42673E-65F3-4807-9484-20CB747420FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*","matchCriteriaId":"0B91D023-FCE5-4866-AD8B-BBB675763104"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*","matchCriteriaId":"0086484D-0164-449C-8AAE-BE7479CB9706"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*","matchCriteriaId":"F9D1B031-96C7-44C0-A0A0-F67ABE55C93C"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*","matchCriteriaId":"750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*","matchCriteriaId":"B68E308A-BDAB-4614-A563-4460F7996CBE"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/a414520742da8dc9dc976d4fb7b72dbd445813bb","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-gh5r-j595-qx48","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/discourse/discourse/commit/a414520742da8dc9dc976d4fb7b72dbd445813bb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-gh5r-j595-qx48","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}