CVE-2021-37703

Опубликовано: 13 авг. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed.

Ссылки

https://github.com/discourse/discourse/commit/aed65ec16d38886d7be7209d8c02df4ffd4937a4
Patch
Third Party Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-gq2h-qhg2-phf9
Third Party Advisory
https://github.com/discourse/discourse/commit/aed65ec16d38886d7be7209d8c02df4ffd4937a4
Patch
Third Party Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-gq2h-qhg2-phf9
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*

Версия до 2.7.8 (исключая)

cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*

cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*

cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*

cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00229

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

EPSS

Процентиль: 45%

0.00229

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200