Vulnerability Description
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Discourse | < 2.8.13 |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aaPatchThird Party Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wvThird Party Advisory
- https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aaPatchThird Party Advisory
- https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wvThird Party Advisory
FAQ
What is CVE-2022-46150?
CVE-2022-46150 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the ...
How severe is CVE-2022-46150?
CVE-2022-46150 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-46150?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse.