Lucene search
PRIOn knowledge basePRION:CVE-2022-24850HistoryApr 14, 2022 - 10:15 p.m.
Design/Logic Flaw
2022-04-1422:15:00
PRIOn knowledge base
www.prio-n.com
4
Discourse is an open source platform for community discussion. A category’s group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem.
| CPE | Name | Operator | Version |
|---|---|---|---|
| discourse | eq | 2.9.0 beta1 | |
| discourse | eq | 2.9.0 beta2 | |
| discourse | eq | 2.9.0 beta3 | |
| discourse | lt | 2.8.2 |
Related
nvd
nvd
CVE-2022-24850
2022-04-14 22:15:08
cve
cve
CVE-2022-24850
2022-04-14 22:15:08
cvelist
cvelist
CVE-2022-24850 Category group permissions leaked in Discourse
2022-04-14 21:25:09
osv
osv
CVE-2022-24850
2022-04-14 22:15:08
BIT-discourse-2022-24850
2024-03-06 11:06:14
openvas
openvas
Discourse < 2.8.3 Multiple Vulnerabilities
2022-05-03 00:00:00
Discourse 2.9.x < 2.9.0.beta4 Multiple Vulnerabilities
2022-05-03 00:00:00