CVE-2021-37703

discourse/discourse

on github

Published

August 13, 2021

Severity

CVSS v3:

4.3 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed.

References

https://github.com/discourse/discourse/security/advisories/GHSA-gq2h-qhg2-phf9
https://github.com/discourse/discourse/commit/aed65ec16d38886d7be7209d8c02df4ffd4937a4

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:discourse:discourse:2.8.0:beta1::::::	n/a	n/a	2.8.0
cpe:2.3:a:discourse:discourse:2.8.0:beta2::::::	n/a	n/a	2.8.0
cpe:2.3:a:discourse:discourse:2.8.0:beta3::::::	n/a	n/a	2.8.0
cpe:2.3:a:discourse:discourse::::::::	n/a	2.7.8	*
cpe:2.3:a:discourse:discourse:2.8.0:beta4::::::	n/a	n/a	2.8.0

External Links

NVD - CVE-2021-37703