CVE-2022-21678
on github
Published
Severity
CVSS v3:
4.3 MEDIUM
CVSS v2:
4 MEDIUM
Description
Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `<meta>` tags on their users' pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:* | n/a | n/a | 2.8.0 |
cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:* | n/a | n/a | 2.8.0 |
cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:* | n/a | n/a | 2.8.0 |
cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:* | n/a | n/a | 2.8.0 |
cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:* | n/a | n/a | 2.8.0 |
cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:* | n/a | n/a | 2.8.0 |
cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:* | n/a | n/a | 2.8.0 |
cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:*:*:*:* | n/a | n/a | 2.8.0 |
cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:*:*:*:* | n/a | n/a | 2.8.0 |
cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:* | n/a | 2.7.13 | * |
cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:*:*:*:* | n/a | n/a | 2.8.0 |