Описание
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.8.11 (включая)
Одно из
cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00189
Низкий
3.5 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-200
CWE-863
EPSS
Процентиль: 41%
0.00189
Низкий
3.5 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-200
CWE-863