Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23546

In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.

Published

2023-01-05T19:15:09.327

Last Modified

2024-11-21T06:48:47.160

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	discourse	discourse	< 2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes

References

https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8 Patch, Third Party Advisory ([email protected])
https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f Third Party Advisory ([email protected])
https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)