PT-2023-12729 · Discourse · Discourse

Gregxsunday

Published

2023-01-05

Updated

2024-03-06

CVE-2022-23546

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Discourse version 2.9.0.beta14

Description The issue in Discourse, an open-source discussion platform, involves maliciously embedded URLs that can leak an admin's digest of recent topics, potentially exposing private information. A patch is available to address this issue.

Recommendations For version 2.9.0.beta14, update to version 2.9.0.beta15 to resolve the issue. At the moment, there is no information about other workarounds for this issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BIT-DISCOURSE-2022-23546

CVE-2022-23546

GHSA-Q9JP-XV4G-328F

Affected Products

Discourse

PT-2023-12729 · Discourse · Discourse

CVE-2022-23546

Weakness Enumeration

Related Identifiers

Affected Products

References · 8