BIT-discourse-2024-52589

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2024-52589.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-discourse-2024-52589

Aliases

CVE-2024-52589
GHSA-cqw6-rr3v-8fff

Published

2024-12-23T19:10:30.112Z

Modified

2025-08-27T09:06:48.117Z

Summary

Moderators can view Screened emails even when the “moderators view emails” option is disabled in Discourse

Details

Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users.

Database specific

{
    "cpes": [
        "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
        "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*"
    ],
    "severity": "Low"
}

References

Affected packages

Bitnami / discourse

Package

Name: discourse
Purl: pkg:bitnami/discourse

Severity

2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.3

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2024-52589.json"