← volver
CVE-2024-52589

Moderators can view Screened emails even when the “moderators view emails” option is disabled in Discourse

CVSS 2.2 LOWEPSS 0.2%CWE-200
Vexday Risk Score
8Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 2.2EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 dic 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Productos afectados
discourse · discourse

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/discourse/discourse/security/advisories/GHSA-cqw6-rr3v-8fff