CVE-2022-31060

Banner topic data is exposed on login-required Discourse sites

CVSS 5.3 MEDIUMEPSS 1.0%CWE-200

In short

Discourse exposes banner topic data to unauthenticated users on sites that require login. An attacker can access sensitive banner information without having an account or logging in.

Technical detail

An information disclosure vulnerability in Discourse versions prior to 2.8.4 (stable) and 2.9.0.beta5 (beta/tests-passed) allows unauthenticated attackers to retrieve banner topic metadata through improper access controls. The vulnerability requires the target site to have login requirements enabled; exploitation results in exposure of banner content that should be restricted to authenticated users.

Summary generated and translated by AI from the official description.

Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

discourse · discourse

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/discourse/discourse/commit/ae6a9079436fb9b20fd051d25fb6d8027f0ec59a https://github.com/discourse/discourse/pull/17071 https://github.com/discourse/discourse/security/advisories/GHSA-5f4f-35fx-gqhq