CVE-2024-52589

Опубликовано: 19 дек. 2024

Источник: nvd

CVSS3: 2.2

CVSS3: 2.7

EPSS Низкий

Описание

Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users.

Ссылки

https://github.com/discourse/discourse/security/advisories/GHSA-cqw6-rr3v-8fff
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*

Версия до 3.3.3 (исключая)

cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*

Версия до 3.4.0 (исключая)

cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*

cpe:2.3:a:discourse:discourse:3.4.0:beta2:*:*:beta:*:*:*

EPSS

Процентиль: 53%

0.00303

Низкий

2.2 Low

CVSS3

2.7 Low

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

EPSS

Процентиль: 53%

0.00303

Низкий

2.2 Low

CVSS3

2.7 Low

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo