CVE Vulnerability

CVE-2022-46150

Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wv Third Party Advisory
https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3b Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
Information

Published : 2022-11-29 06:15

Updated : 2022-12-01 09:57

NVD link : CVE-2022-46150

Mitre link : CVE-2022-46150

Products Affected
No products.
CWE
CWE-200