CVE-2022-41944
CVSS V2 None
CVSS V3 None
Description
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.
Overview
- CVE ID
- CVE-2022-41944
- Assigner
- security-advisories@github.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-11-28T15:15:10.620
- Last Modified Date
- 2022-12-01T20:28:26.640
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:* | 1 | OR | 2.8.11 | |
| cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/discourse/discourse/commit/c6ee28ec756436cc9ce154dd2c8e4c441f92f693 | Patch Third Party Advisory |
| https://github.com/discourse/discourse/security/advisories/GHSA-354r-jpj5-53c2 | Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-41944 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41944 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-12-07 18:05:19 | Added to TrackCVE |