2 matches found
CVE-2022-41913 Discourse-calendar exposes members of hidden groups
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...
CVE-2022-41913
CVE-2022-41913 affects the Discourse-calendar plugin for Discourse. When discourse_post_event_enabled is on, users can list members of private groups or private-group members in dynamic calendar posts, enabling disclosure of group membership. The issue is mitigated by upgrading to a version that ...