5 matches found
Discourse < 2.8.10 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
CVE-2022-39378
creationtimestamp| type| source ---|---|--- 2022-11-02 19:19:55+00:00| seen| https://t.me/cibsecurity/52487...
CVE-2022-39378 Displaying user badges can leak topic titles to users that have no access to the topic
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any...
CVE-2022-39378
Discourse exposes topic titles of restricted topics to users awarded a user badge. The root cause is access control: a badge awarded based on activity in a restricted topic could allow viewing the topic title by users who should not have access. Public disclosure occurred before patching; multipl...
CVE-2022-39378 Displaying user badges can leak topic titles to users that have no access to the topic
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any...