{"vulnerability": "CVE-2022-31025", "sightings": [{"uuid": "6f44bf38-85cc-4c47-9f05-4f2e0c0acf38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31025", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m365n3idx22e", "content": "", "creation_timestamp": "2025-10-14T16:30:21.184086Z"}, {"uuid": "784a6a07-9d96-43ab-8ec9-5802c5dd54e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31025", "type": "seen", "source": "https://t.me/cibsecurity/43925", "content": "\u203c CVE-2022-31025 \u203c\n\nDiscourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-07T18:30:58.000000Z"}]}