
7 matches found

OSV
added 2024/03/06 11:7 a.m. | 16 views

BIT-DISCOURSE-2022-23546 Discourse vulnerable to private topic leak via email#send_digest

In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded URLs can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue...

CVSS 5.5 | AI score 5.5 | EPSS 0.0028
Exploits 0 | References 3
NVD
added 2023/01/05 6:15 p.m. | 15 views

CVE-2022-46168

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta15 on the beta and tests-passed branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is n...

CVSS 3.5 | AI score 3.7 | EPSS 0.00523
Exploits 0 | References 2
Prion
added 2023/01/05 6:15 p.m. | 16 views

Design/Logic Flaw

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta15 on the beta and tests-passed branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is n...

CVSS 3.5 | AI score 4 | EPSS 0.00523
Exploits 0 | References 2 | Affected Software 1
CVE
added 2023/01/05 6:10 p.m. | 70 views

CVE-2022-23546

Discourse 2.9.0.beta14 contains an information disclosure vulnerability where maliciously embedded URLs can leak an admin’s digest of recent topics. The issue stems from how topic digests are assembled for emails/digests, leading to leakage of private information to unintended recipients. A patch...

CVSS 5.5 | AI score 5.6 | EPSS 0.0028
Exploits 0 | References 2 | Affected Software 1
CVE
added 2023/01/05 5:18 p.m. | 63 views

CVE-2022-46168

CVE-2022-46168 affects Discourse. Before versions 2.8.14 (stable) and 2.9.0.beta15 (beta/tests-passed), recipients of group SMTP emails could see other users’ email addresses in the group thread. The issue is mitigated by the fixes in 2.8.14 and 2.9.0.beta15, which mask those emails with blind ca...

CVSS 3.5 | AI score 3.6 | EPSS 0.00523
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2023/01/05 5:18 p.m. | 18 views

CVE-2022-46168 Group SMTP user emails are exposed in CC email header

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta15 on the beta and tests-passed branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is n...

CVSS 3.5 | AI score 5.3 | EPSS 0.00523
Exploits 0 | References 2
OSV
added 2023/01/05 5:18 p.m. | 12 views

CVE-2022-46168 Group SMTP user emails are exposed in CC email header

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta15 on the beta and tests-passed branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is n...

CVSS 3.5 | AI score 4.7 | EPSS 0.00523
Exploits 0 | References 4