CVE-2022-23546

Published: Jan 5, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.

Affected (14)

Products: Discourse: Discourse

Discourse

1 product

Discourse

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Discourse Discourse	Before 2.9.0
Discourse Discourse	Version 2.9.0 beta10
Discourse Discourse	Version 2.9.0 beta11
Discourse Discourse	Version 2.9.0 beta12
Discourse Discourse	Version 2.9.0 beta13
Discourse Discourse	Version 2.9.0 beta14
Discourse Discourse	Version 2.9.0 beta1
Discourse Discourse	Version 2.9.0 beta2
Discourse Discourse	Version 2.9.0 beta3
Discourse Discourse	Version 2.9.0 beta4
Discourse Discourse	Version 2.9.0 beta5
Discourse Discourse	Version 2.9.0 beta6
Discourse Discourse	Version 2.9.0 beta7
Discourse Discourse	Version 2.9.0 beta8