PT-2024-35385 · Discourse · Discourse

Lowpmusaraj

Published

2024-12-19

Updated

2025-08-26

CVE-2024-52589

CVSS v3.1

2.7

Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Discourse versions prior to the latest version

Description Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user.

Recommendations For versions prior to the latest version, remove the moderator role from untrusted users. For the latest version, no action is required as the issue is already patched. At the moment, there is no information about other mitigation measures for this issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BIT-DISCOURSE-2024-52589

CVE-2024-52589

GHSA-CQW6-RR3V-8FFF

Affected Products

Discourse

PT-2024-35385 · Discourse · Discourse

CVE-2024-52589

Weakness Enumeration

Related Identifiers

Affected Products

References · 9