CVE-2022-24804 in Discourseinfo

Zusammenfassung

von MITRE • 12.04.2022

Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To workaround the problem, a site administrator can remove groups with restricted visibility from any category's permissions setting.

Once again VulDB remains the best source for vulnerability data.

Zuständig

GitHub, Inc.

Reservieren

10.02.2022

Veröffentlichung

12.04.2022

Moderieren

akzeptiert

Eintrag

VDB-196862

CPE

bereit

EPSS

0.00831

KEV

nein

Aktivitäten

very low

Quellen

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!