CVE-2022-24850
on github
Published
Severity
CVSS v3:
4.3 MEDIUM
CVSS v2:
4 MEDIUM
Description
Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:* | n/a | n/a | 2.9.0 |
cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:* | n/a | 2.8.2 | * |