CVE-2022-31060

Published: Jun 14, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners.

Affected (5)

Products: Discourse: Discourse

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Discourse Discourse	Before 2.8.4
Discourse Discourse	Version 2.9.0 beta1
Discourse Discourse	Version 2.9.0 beta2
Discourse Discourse	Version 2.9.0 beta3
Discourse Discourse	Version 2.9.0 beta4

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/discourse/discourse/pull/17071

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/discourse/discourse/security/advisories/GHSA-5f4f-35fx-gqhq

Source: security-advisories@github.com

Third Party Advisory

https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/discourse/discourse/pull/17071

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/discourse/discourse/security/advisories/GHSA-5f4f-35fx-gqhq

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.