CVE-2022-21677

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2.7.13 Discourse versions prior to 2.8.0.beta11

Description A vulnerability has been discovered in Discourse where the group advanced search option does not respect the group's visibility and members visibility level. This allows a group with restricted visibility or members visibility to be revealed through search with the right search option. The issue concerns the configuration of group visibility and members visibility, which can be set to public, restricted to logged on users, members of the group, or staff users.

Recommendations For versions prior to 2.7.13, upgrade to version 2.7.13 or later. For versions prior to 2.8.0.beta11, upgrade to version 2.8.0.beta11 or later. As a temporary workaround is not available, upgrading to the specified versions is the only resolution to this issue.