4 matches found
CVE-2022-21677
Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group's members visibility set to public as well. However, a...
CVE-2022-21677 Group advanced search option may leak group and group's members visibility
Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group's members visibility set to public as well. However, a...
CVE-2022-21677
CVE-2022-21677 affects Discourse prior to versions 2.7.13 and 2.8.0.beta11, where the group advanced search option could reveal restricted group visibility or members visibility. The root cause is that search did not respect the configured visibility levels. The issue results in information discl...
Discourse < 2.7.13 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...