Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To workaround the problem, a site administrator can remove groups with restricted visibility from any category's permissions setting.
References
Link | Resource |
---|---|
https://github.com/discourse/discourse/commit/0f7b9878ff3207ce20970f0517604793920bb3d2 | Patch Third Party Advisory |
https://github.com/discourse/discourse/security/advisories/GHSA-v4c9-6m9g-37ff | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Apr 2022, 17:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:* cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:* cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:* cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:* |
|
References | (MISC) https://github.com/discourse/discourse/commit/0f7b9878ff3207ce20970f0517604793920bb3d2 - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/discourse/discourse/security/advisories/GHSA-v4c9-6m9g-37ff - Third Party Advisory | |
CWE | CWE-276 | |
First Time |
Discourse
Discourse discourse |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
11 Apr 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-11 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-24804
Mitre link : CVE-2022-24804
CVE.ORG link : CVE-2022-24804
JSON object : View
Products Affected
discourse
- discourse