CVE-2022-41944
CVE-2022-41944 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Discourse | Discourse | <= 2.8.11 | — |
| Discourse | Discourse | 2.9.0 | Beta1 |
References
- https://github.com/discourse/discourse/commit/c6ee28ec756436cc9ce154dd2c8e4c441f92f693 (Patch, Third Party Advisory)
- https://github.com/discourse/discourse/security/advisories/GHSA-354r-jpj5-53c2 (Third Party Advisory)
Source: NVD / NIST
