CVE-2024-52589

Published: Dec 19, 2024Modified: Aug 26, 2025

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.2 / Impact: 1.4

Source: NVD

Description

Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users.

Affected (4)

Products: Discourse: Discourse

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Discourse Discourse	Before 3.4.0
Discourse Discourse	Before 3.3.3
Discourse Discourse	Version 3.4.0 beta1
Discourse Discourse	Version 3.4.0 beta2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

https://github.com/discourse/discourse/security/advisories/GHSA-cqw6-rr3v-8fff

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.