PT-2022-16875 · Discourse · Discourse
Lowjomaxropublished
Published: 2022-03-24 · Updated: 2024-03-06
CVE-2022-24782
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Discourse versions 2.8.2 and prior in the stable branch
Discourse versions 2.9.0.beta3 and prior in the beta branch
Discourse versions 2.9.0.beta3 and prior in the tests-passed branch
Description
Discourse is an open source discussion platform. Users can request an export of their own activity, which may sometimes include the name of a secure category due to category settings, potentially leading to a data leak. This can occur when a user has category membership for a secure category or when their post has been moved to a secure category.
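The leak pattern described above, next to a hardened form, as an added Ruby example that is not Discourse's code or its patch. The data model (`Category`, `Post`, `Pref`, `User`), the helper `can_see?` and all sample rows are hypothetical and constructed for illustration.

```ruby
# Added illustration with a hypothetical data model; not Discourse code.
Category = Struct.new(:id, :name, :read_restricted, :allowed_group_ids)
Post     = Struct.new(:id, :author_id, :category_id)
Pref     = Struct.new(:user_id, :category_id, :level)
User     = Struct.new(:id, :group_ids)

# Constructed sample data: category 2 is a secure (read-restricted) category.
CATEGORIES = {
  1 => Category.new(1, "General", false, []),
  2 => Category.new(2, "Incident Review", true, [10])
}.freeze
POSTS = [
  Post.new(100, 7, 1),
  Post.new(101, 7, 2) # written elsewhere, later moved into the secure category
].freeze
PREFS = [
  Pref.new(7, 1, "watching"),
  Pref.new(7, 2, "tracking") # leftover membership row for the secure category
].freeze

def can_see?(user, category)
  !category.read_restricted || (category.allowed_group_ids & user.group_ids).any?
end

# Leaky pattern: rows are selected by ownership only, and the joined
# category name is copied into the export without a visibility check.
def export_leaky(user)
  name = ->(cid) { CATEGORIES.fetch(cid).name }
  {
    posts: POSTS.select { |p| p.author_id == user.id }
                .map { |p| { post_id: p.id, category: name.call(p.category_id) } },
    prefs: PREFS.select { |r| r.user_id == user.id }
                .map { |r| { category: name.call(r.category_id), level: r.level } }
  }
end

# Hardened pattern: every category reference is re-authorized at export time.
def export_hardened(user)
  name = lambda do |cid|
    cat = CATEGORIES.fetch(cid)
    can_see?(user, cat) ? cat.name : nil
  end
  {
    posts: POSTS.select { |p| p.author_id == user.id }
                .map { |p| { post_id: p.id, category: name.call(p.category_id) } },
    prefs: PREFS.select { |r| r.user_id == user.id }
                .map { |r| { category: name.call(r.category_id), level: r.level } }
  }
end
```

Owning a row does not imply the right to read everything joined to it, so the visibility check runs against the requesting user's current group membership when the export is generated.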
Recommendations
For versions 2.8.2 and prior in the stable branch, update to a version that includes the patch available in the main branch of Discourse's GitHub repository.
For versions 2.9.0.beta3 and prior in the beta branch, update to a version that includes the patch available in the main branch of Discourse's GitHub repository.
For versions 2.9.0.beta3 and prior in the tests-passed branch, update to a version that includes the patch available in the main branch of Discourse's GitHub repository.
Exploit
Fix
Information Disclosure
Affected Products
Discourse