Lucene search
China National Vulnerability DatabaseCNVD-2023-07923HistoryFeb 09, 2023 - 12:00 a.m.
Discourse Information Disclosure Vulnerability (CNVD-2023-07923)
2023-02-0900:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
discourse
vulnerability
smtp
email addresses
disclosure
0.0005 Low
EPSS
Percentile
17.9%
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A security vulnerability exists in versions of Discourse prior to 2.8.14. The vulnerability stems from the fact that recipients of group SMTP emails can see the email addresses of all other users in the group SMTP thread. An attacker could exploit this vulnerability to obtain the email addresses of other users.
| CPE | Name | Operator | Version |
|---|---|---|---|
| discourse discourse | lt | 2.8.14 |
Related
nvd
nvd
CVE-2022-46168
2023-01-05 18:15:08
cve
cve
CVE-2022-46168
2023-01-05 18:15:08
osv
osv
CVE-2022-46168
2023-01-05 18:15:08
BIT-discourse-2022-46168
2024-03-06 11:02:28
prion
prion
Design/Logic Flaw
2023-01-05 18:15:00
cvelist
cvelist
CVE-2022-46168 Group SMTP user emails are exposed in CC email header
2023-01-05 17:18:58
openvas
openvas
Discourse < 3.0.0.beta16 Multiple Vulnerabilities
2023-01-06 00:00:00
Discourse < 2.8.14 Multiple Vulnerability
2022-12-05 00:00:00