PT-2022-26174 · Discourse · Discourse
Low · jomaxro · Published 2022-11-28 · Updated 2024-03-06
CVE-2022-41944
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 2.8.12
Discourse versions prior to 2.9.0.beta13
Description
Discourse is an open-source discussion platform. Under certain conditions, a user can see notifications for topics they no longer have access to, potentially exposing sensitive information in the topic title.
Recommendations
For versions prior to 2.8.12, update to version 2.8.12 or later.
For versions prior to 2.9.0.beta13, update to version 2.9.0.beta13 or later.
Exploit
Fix
Incorrect Authorization
Information Disclosure
Affected Products
Discourse