CVE-2022-24850

Опубликовано: 14 апр. 2022

Источник: nvd

CVSS3: 5.3

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem.

Ссылки

https://github.com/discourse/discourse/security/advisories/GHSA-34xr-ff4w-mcpf
Third Party Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-34xr-ff4w-mcpf
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*

Версия до 2.8.2 (исключая)

cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*

cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*

cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00187

Низкий

5.3 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

EPSS

Процентиль: 41%

0.00187

Низкий

5.3 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200