Описание
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Ссылки
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.0 (включая)Версия до 3.2.0 (включая)
Одно из
cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta4:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*
EPSS
Процентиль: 30%
0.00109
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-200
NVD-CWE-noinfo
EPSS
Процентиль: 30%
0.00109
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-200
NVD-CWE-noinfo