CVE-2022-39226 - OpenCVE

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Discourse	Discourse

Configuration 1 [-]

OR	cpe:2.3:a:discourse:discourse::::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta1::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta2::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta3::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta4::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta5::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta6::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta7::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta8::::::
	cpe:2.3:a:discourse:discourse:2.9.0:beta9::::::

No data.

References

Link	Providers
https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71
https://github.com/discourse/discourse/pull/18302
https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-09-29T20:05:11

Updated: 2024-08-03T12:00:43.589Z

Reserved: 2022-09-02T00:00:00

Link: CVE-2022-39226

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-29T20:15:13.760

Modified: 2022-10-05T21:16:28.857

Link: CVE-2022-39226

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "discourse", "vendor": "discourse", "versions": [{"status": "affected", "version": "< 2.8.9"}, {"status": "affected", "version": ">= 2.9.0.beta0, < 2.9.0.beta10"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-29T20:05:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/pull/18302"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71"}], "source": {"advisory": "GHSA-jw3q-xg5g-qjrw", "discovery": "UNKNOWN"}, "title": "Discourse user profile location and website fields were not sufficiently length-limited", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39226", "STATE": "PUBLIC", "TITLE": "Discourse user profile location and website fields were not sufficiently length-limited"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "discourse", "version": {"version_data": [{"version_value": "< 2.8.9"}, {"version_value": ">= 2.9.0.beta0, < 2.9.0.beta10"}]}}]}, "vendor_name": "discourse"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}, {"description": [{"lang": "eng", "value": "CWE-20: Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw"}, {"name": "https://github.com/discourse/discourse/pull/18302", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/18302"}, {"name": "https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71"}]}, "source": {"advisory": "GHSA-jw3q-xg5g-qjrw", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:43.589Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/discourse/discourse/pull/18302"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39226", "datePublished": "2022-09-29T20:05:11", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:43.589Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BC8F74E-6BEF-4A8C-AF34-A0FC24A1EDFE", "versionEndExcluding": "2.8.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "5DEDE4C5-2C2A-4B74-BB41-8AAA0EE636E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds."}, {"lang": "es", "value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En versiones anteriores a 2.8.9 en la rama \"stable\" y anteriores a 2.9.0.beta10 en las ramas \"beta\" y \"tests-passed\", un actor malicioso puede a\u00f1adir grandes cargas de texto en los campos Location y Website de un perfil de usuario, lo que causa problemas a otros usuarios cuando es cargado ese perfil. En versi\u00f3n 2.8.9 de la rama \"stable\" y en la versi\u00f3n 2.9.0.beta10 de las ramas \"beta\" y \"tests-passed\" es incluida una correcci\u00f3n para limitar la longitud de la entrada del usuario en estos campos. No se presentan mitigaciones conocidas"}], "id": "CVE-2022-39226", "lastModified": "2022-10-05T21:16:28.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-09-29T20:15:13.760", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse/commit/e69f7d2fd9c977dedbdb17f6813651e2a45bfb71"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse/pull/18302"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-jw3q-xg5g-qjrw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Secondary"}]}