CVE-2022-24866

Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff member, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/discourse/discourse-assign/pull/320	Issue Tracking Patch Third Party Advisory
https://github.com/discourse/discourse-assign/security/advisories/GHSA-9xhf-wvjx-f5w9	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:discourse:assign:*:*:*:*:*:discourse:*:*

History

No history.

Information

Published : 2022-04-26 19:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-24866

Mitre link : CVE-2022-24866

CVE.ORG link : CVE-2022-24866

JSON object : View

Products Affected

discourse

assign

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2022-24866", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-04-26T19:15:49.873", "references": [{"url": "https://github.com/discourse/discourse-assign/pull/320", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/discourse/discourse-assign/security/advisories/GHSA-9xhf-wvjx-f5w9", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff member, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds."}, {"lang": "es", "value": "Discourse Assign es un plugin para asignar usuarios a un tema en Discourse, una plataforma de mensajer\u00eda de c\u00f3digo abierto. En versiones anteriores a 1.0.1, el UserBookmarkSerializer serializaba todo el objeto User / Group, lo que filtraba determinada informaci\u00f3n privada. Los datos s\u00f3lo eran serializados a personas que pod\u00edan visualizar la informaci\u00f3n de la asignaci\u00f3n, que est\u00e1 limitada al personal por defecto. Para la gran mayor\u00eda de los sitios, estos datos s\u00f3lo son filtrados a miembros del personal confiables, pero para los sitios con caracter\u00edsticas de asignaci\u00f3n habilitadas p\u00fablicamente, los datos fueron accesibles a m\u00e1s personas que s\u00f3lo el personal. La versi\u00f3n 1.0.1 contiene un parche. Actualmente no se presentan medidas de mitigaci\u00f3n conocidas"}], "lastModified": "2022-05-06T14:08:23.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:discourse:assign:*:*:*:*:*:discourse:*:*", "vulnerable": true, "matchCriteriaId": "2AABF131-EC65-4DAF-83D9-A7A901404EFE", "versionEndExcluding": "1.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}