Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-46150

Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.

Published

2022-11-29T18:15:10.467

Last Modified

2024-11-21T07:30:12.553

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	discourse	discourse	< 2.8.13	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes
Application	discourse	discourse	2.9.0	Yes

References

https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3b Patch, Third Party Advisory ([email protected])
https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wv Third Party Advisory ([email protected])
https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3b Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wv Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)