PT-2022-20498 · Discourse · Discourse

Lowjomaxropublished

Published

2022-06-14

Updated

2024-03-06

CVE-2022-31060

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2.8.4 in the stable branch Discourse versions prior to 2.9.0.beta5 in the beta and tests-passed branches

Description Discourse is an open-source discussion platform. Prior to the fixed versions, banner topic data is exposed on login-required sites. As a workaround, one may disable banners.

Recommendations For versions prior to 2.8.4 in the stable branch, update to version 2.8.4 or later. For versions prior to 2.9.0.beta5 in the beta and tests-passed branches, update to version 2.9.0.beta5 or later. As a temporary workaround, consider disabling banners until a patch is available.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BIT-DISCOURSE-2022-31060

CVE-2022-31060

GHSA-5F4F-35FX-GQHQ

Affected Products

Discourse

PT-2022-20498 · Discourse · Discourse

CVE-2022-31060

Weakness Enumeration

Related Identifiers

Affected Products

References · 8