Vulnerability Description
Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Discourse | < 2.7.13 |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573PatchThird Party Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6PatchThird Party Advisory
- https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573PatchThird Party Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6PatchThird Party Advisory
FAQ
What is CVE-2022-21642?
CVE-2022-21642 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been p...
How severe is CVE-2022-21642?
CVE-2022-21642 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-21642?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse.