CVE-2022-23546

In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded URLs can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.
Configurations

Configuration 1

OR cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*

History

21 Nov 2024, 06:48

Type: References
  • Values Removed: https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8 - Patch, Third Party Advisory
  • Values Added: https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8 - Patch, Third Party Advisory

Type: References
  • Values Removed: https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f - Third Party Advisory
  • Values Added: https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f - Third Party Advisory

Type: Summary
  • Values Added: (es) In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded URLs can leak an administrator's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.

Information

Published : 2023-01-05 19:15

Updated : 2024-11-21 06:48


NVD link : CVE-2022-23546

Mitre link : CVE-2022-23546

CVE.ORG link : CVE-2022-23546


Products Affected

discourse

  • discourse
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor