BIT-discourse-2022-41944

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2022-41944.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-discourse-2022-41944
Aliases
Published
2024-03-06T11:03:09.082Z
Modified
2025-05-20T10:02:07.006Z
Summary
Discourse users can see notifications for topics they no longer have access to
Details

Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.

Database specific 
{
    "cpes": [
        "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / discourse

Package

Name
discourse
Purl
pkg:bitnami/discourse

Severity

  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
2.8.11
Introduced
2.9.0-beta1
Last affected
2.9.0-beta1
Introduced
2.9.0-beta10
Last affected
2.9.0-beta10
Introduced
2.9.0-beta11
Last affected
2.9.0-beta11
Introduced
2.9.0-beta12
Last affected
2.9.0-beta12
Introduced
2.9.0-beta2
Last affected
2.9.0-beta2
Introduced
2.9.0-beta3
Last affected
2.9.0-beta3
Introduced
2.9.0-beta4
Last affected
2.9.0-beta4
Introduced
2.9.0-beta5
Last affected
2.9.0-beta5
Introduced
2.9.0-beta6
Last affected
2.9.0-beta6
Introduced
2.9.0-beta7
Last affected
2.9.0-beta7
Introduced
2.9.0-beta8
Last affected
2.9.0-beta8
Introduced
2.9.0-beta9
Last affected
2.9.0-beta9