Vulnerability Description
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Discourse | <= 2.8.11 |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse/commit/c6ee28ec756436cc9ce154dd2c8e4c441fPatchThird Party Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-354r-jpj5-53c2Third Party Advisory
- https://github.com/discourse/discourse/commit/c6ee28ec756436cc9ce154dd2c8e4c441fPatchThird Party Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-354r-jpj5-53c2Third Party Advisory
FAQ
What is CVE-2022-41944?
CVE-2022-41944 is a vulnerability with a CVSS score of 3.5 (LOW). Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for...
How severe is CVE-2022-41944?
CVE-2022-41944 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-41944?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse.