PT-2023-12729 · Discourse · Discourse

Gregxsunday

Publicado

2023-01-05

Atualizado

2024-03-06

CVE-2022-23546

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Discourse version 2.9.0.beta14

Description The issue in Discourse, an open-source discussion platform, involves maliciously embedded URLs that can leak an admin's digest of recent topics, potentially exposing private information. A patch is available to address this issue.

Recommendations For version 2.9.0.beta14, update to version 2.9.0.beta15 to resolve the issue. At the moment, there is no information about other workarounds for this issue.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

BIT-DISCOURSE-2022-23546

CVE-2022-23546

GHSA-Q9JP-XV4G-328F

Produtos afetados

Discourse

PT-2023-12729 · Discourse · Discourse

CVE-2022-23546

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8