9 matches found
EUVD-2022-41839
Malicious code in bioql PyPI...
CVE-2022-39378
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any...
BIT-DISCOURSE-2022-39378 Displaying user badges can leak topic titles to users that have no access to the topic
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any...
CVE-2022-39378
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any...
Improper access control
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any...
CVE-2022-39378 Displaying user badges can leak topic titles to users that have no access to the topic
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any...
PT-2022-24939 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: The issue affects Discourse, a platform for community discussion. Under certain conditions, a user badge may be awarded based on a user's activity in a...
CVE-2022-39378 Displaying user badges can leak topic titles to users that have no access to the topic
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge may be viewed by any...
CVE-2022-39378
Discourse exposes topic titles of restricted topics to users awarded a user badge. The root cause is access control: a badge awarded based on activity in a restricted topic could allow viewing the topic title by users who should not have access. Public disclosure occurred before patching; multipl...