CVE-2022-21678
Published Jan 13, 2022
Last updated a year ago
Overview
- Description
- Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `<meta>` tags on their users' pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "131D6FC3-2C60-4524-9B4E-F8316312A606",
"versionEndExcluding": "2.7.13"
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E7F8AC4-35D1-45E5-8A3A-B0205000A5D3"
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A24507D-6D4B-4992-BCFE-232AF3BFCC30"
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9AE12FE-0396-4843-8D30-D8C44FAE01DA"
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F101AEAB-4FB7-4BE3-931B-595702D616C7"
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6878B7F-2691-4D3F-8116-CB282FDAAAC7"
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76EABAB9-BEA4-48D4-ADBA-D00746B29C52"
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82A255A2-4658-41AD-A4DE-A7F8D018028D"
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5804585-2EA4-4677-8EC1-5F561D5C7D7A"
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "082A6871-080A-4AA7-AF4A-D664EA46488A"
},
{
"criteria": "cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A280205-A2DC-4E30-937B-5564C779FD5A"
}
],
"operator": "OR"
}
]
}
]