CVE-2022-39378

Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any user. If there are sensitive information in the topic title, it will therefore have been exposed. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are currently no known workarounds available.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*

History

21 Nov 2024, 07:18

Type Values Removed Values Added
References () https://github.com/discourse/discourse/security/advisories/GHSA-2gvq-27h6-4h5f - Third Party Advisory () https://github.com/discourse/discourse/security/advisories/GHSA-2gvq-27h6-4h5f - Third Party Advisory

Information

Published : 2022-11-02 17:15

Updated : 2024-11-21 07:18


NVD link : CVE-2022-39378

Mitre link : CVE-2022-39378

CVE.ORG link : CVE-2022-39378


JSON object : View

Products Affected

discourse

  • discourse
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo