
8 matches found

OSV
added 2024/03/06 11:8 a.m. · 22 views

BIT-DISCOURSE-2022-21642 Exposure of whisper participants in discourse

Discourse is an open source platform for community discussion. In affected versions, when composing a message from a topic, the composer's user suggestions reveal whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this...

CVSS 4.3 · AI score 4.7 · EPSS 0.00727
Exploits 0 · References 3

OSV
added 2024/03/06 11:7 a.m. · 22 views

BIT-DISCOURSE-2022-21678 User's bio visible even if profile is restricted in Discourse

Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the tests-passed branch, version 2.8.0.beta11 in the beta branch, and version 2.7.13 in the stable branch, the bios of users who made their profiles private were still visible in the tags on their users' pages. The...

CVSS 4.3 · AI score 4.8 · EPSS 0.00908
Exploits 0 · References 4

Positive Technologies
added 2022/01/14 12:0 a.m. · 3 views

PT-2022-15029 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions:
Discourse versions prior to 2.7.13
Discourse versions prior to 2.8.0.beta11

Description: A vulnerability has been discovered in Discourse where the group advanced search option does not respect the group's visibility and members visibility...

CVSS 5.3 · AI score 5 · EPSS 0.01174
Exploits 0 · References 7

OSV
added 2022/01/13 9:5 p.m. · 26 views

CVE-2022-21684 User can bypass approval when invited to Discourse

Discourse is an open source discussion platform. Versions prior to 2.7.13 in stable, 2.8.0.beta11 in beta, and 2.8.0.beta11 in tests-passed allow some users to log in to a community before they should be able to do so. A user invited via email to a forum with `must_approve_users` enabled is going to ...

CVSS 4.3 · AI score 8.2 · EPSS 0.00964
Exploits 0 · References 5

NVD
added 2022/01/13 6:15 p.m. · 26 views

CVE-2022-21678

Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the tests-passed branch, version 2.8.0.beta11 in the beta branch, and version 2.7.13 in the stable branch, the bios of users who made their profiles private were still visible in the tags on their users' pages. The...

CVSS 4.3 · EPSS 0.00908
Exploits 0 · References 3

Prion
added 2022/01/13 6:15 p.m. · 23 views

Design/Logic Flaw

Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the tests-passed branch, version 2.8.0.beta11 in the beta branch, and version 2.7.13 in the stable branch, the bios of users who made their profiles private were still visible in the tags on their users' pages. The...

CVSS 4 · AI score 4.7 · EPSS 0.00908
Exploits 0 · References 3 · Affected Software 1

NVD
added 2022/01/05 7:15 p.m. · 36 views

CVE-2022-21642

Discourse is an open source platform for community discussion. In affected versions, when composing a message from a topic, the composer's user suggestions reveal whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this...

CVSS 4.3 · EPSS 0.00727
Exploits 0 · References 2

OSV
added 2022/01/05 7:5 p.m. · 37 views

CVE-2022-21642 Exposure of whisper participants in discourse

Discourse is an open source platform for community discussion. In affected versions, when composing a message from a topic, the composer's user suggestions reveal whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this...

CVSS 4.3 · AI score 4.6 · EPSS 0.00727
Exploits 0 · References 4