CVE-2022-39378

Name of the Vulnerable Software and Affected Versions Discourse versions prior to the latest stable, beta and tests-passed versions

Description The issue affects Discourse, a platform for community discussion. Under certain conditions, a user badge may be awarded based on a user's activity in a topic with restricted access. Before this issue was disclosed, the topic title of the topic associated with the user badge could be viewed by any user, potentially exposing sensitive information in the topic title.

Recommendations For versions prior to the latest stable, beta and tests-passed versions, update to the latest stable, beta or tests-passed version of Discourse to resolve the issue. At the moment, there is no information about other workarounds for this issue.