BIT-discourse-2022-46150
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2022-46150.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-discourse-2022-46150
- Aliases
-
- CVE-2022-46150
- GHSA-rqvq-94h8-p5wv
- Published
- 2024-03-06T11:02:48.405Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the
stablebranch and version 2.9.0.beta14 of thebetaandtests-passedbranches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of thestablebranch and version 2.9.0.beta14 of thebetaandtests-passedbranches. As a workaround, use thedisable_emailsite setting to disable all emails to non-staff users. - Database specific
{ "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / discourse
Package
- Name
- discourse
- Purl
- pkg:bitnami/discourse
Severity
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.8.13
- Type
- SEMVER
- Events
-
Introduced2.9.0-beta1Last affected2.9.0-beta1Introduced2.9.0-beta10Last affected2.9.0-beta10Introduced2.9.0-beta11Last affected2.9.0-beta11Introduced2.9.0-beta12Last affected2.9.0-beta12Introduced2.9.0-beta13Last affected2.9.0-beta13Introduced2.9.0-beta2Last affected2.9.0-beta2Introduced2.9.0-beta3Last affected2.9.0-beta3Introduced2.9.0-beta4Last affected2.9.0-beta4Introduced2.9.0-beta5Last affected2.9.0-beta5Introduced2.9.0-beta6Last affected2.9.0-beta6Introduced2.9.0-beta7Last affected2.9.0-beta7Introduced2.9.0-beta8Last affected2.9.0-beta8