Vulnerability Description
discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily affecting direct message channels. There are no known workarounds for this issue, and users are advised to update the plugin.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Discourse-Chat | < 0.4 |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse-chat/security/advisories/GHSA-r979-jhp2-3Third Party Advisory
- https://github.com/discourse/discourse-chat/security/advisories/GHSA-r979-jhp2-3Third Party Advisory
FAQ
What is CVE-2022-31095?
CVE-2022-31095 is a vulnerability with a CVSS score of 4.3 (MEDIUM). discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel th...
How severe is CVE-2022-31095?
CVE-2022-31095 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31095?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse-Chat.