CVE-2021-41082 in Discourseinfo

Zusammenfassung

von MITRE • 21.09.2021

Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub, Inc.

Reservieren

15.09.2021

Veröffentlichung

21.09.2021

Moderieren

akzeptiert

Eintrag

VDB-183003

CPE

bereit

CWE

CWE-200 (bestätigt)

CVSS

7.5 (CNA)

EPSS

0.00702

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2021-41082
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-41082
CVE Details	https://www.cvedetails.com/cve/CVE-2021-41082/

◂ Zurück Übersicht Weiter ▸

Want to know what is going to be exploited?

We predict KEV entries!