CVE-2022-36066

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
GitHub_MCNA
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
discoursediscourse
𝑥
< 2.8.9
discoursediscourse
2.9.0:beta1
discoursediscourse
2.9.0:beta2
discoursediscourse
2.9.0:beta3
discoursediscourse
2.9.0:beta4
discoursediscourse
2.9.0:beta5
discoursediscourse
2.9.0:beta6
discoursediscourse
2.9.0:beta7
discoursediscourse
2.9.0:beta8
discoursediscourse
2.9.0:beta9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/discourse/discourse/commit/b27d5626d208a22c516a0adfda7554b67b493835
https://github.com/discourse/discourse/pull/18421
https://github.com/discourse/discourse/security/advisories/GHSA-grvh-qcpg-hfmv
https://github.com/discourse/discourse/commit/b27d5626d208a22c516a0adfda7554b67b493835
https://github.com/discourse/discourse/pull/18421
https://github.com/discourse/discourse/security/advisories/GHSA-grvh-qcpg-hfmv