What is CVE-2022-23546?

CVE-2022-23546 is a vulnerability in version 2.9.0.beta14 of Discourse, an open-source discussion platform, that can leak an admin's digest of recent topics through maliciously embedded URLs.

How severe is CVE-2022-23546?

CVE-2022-23546 has a severity rating of 5.5 (medium).

Which software versions are affected by CVE-2022-23546?

Version 2.9.0.beta14 of Discourse is affected by CVE-2022-23546.

Is there a patch available for CVE-2022-23546?

Yes, a patch is available for version 2.9.0.beta15 of Discourse to fix CVE-2022-23546.

Are there any known workarounds for CVE-2022-23546?

No, there are no known workarounds for CVE-2022-23546.

Vulnerability/
CVE-2022-23546

medium

5.5

CWE

200

5/1/2023

3/8/2024

CVE-2022-23546: Discourse vulnerable to private topic leak via email#send_digest

First published: Thu Jan 05 2023(Updated: )

In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Discourse Discourse	<2.9.0
Discourse Discourse	=2.9.0-beta1
Discourse Discourse	=2.9.0-beta10
Discourse Discourse	=2.9.0-beta11
Discourse Discourse	=2.9.0-beta12
Discourse Discourse	=2.9.0-beta13
Discourse Discourse	=2.9.0-beta14
Discourse Discourse	=2.9.0-beta2
Discourse Discourse	=2.9.0-beta3
Discourse Discourse	=2.9.0-beta4
Discourse Discourse	=2.9.0-beta5
Discourse Discourse	=2.9.0-beta6
Discourse Discourse	=2.9.0-beta7
Discourse Discourse	=2.9.0-beta8

Remedy

https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-23546?
CVE-2022-23546 is a vulnerability in version 2.9.0.beta14 of Discourse, an open-source discussion platform, that can leak an admin's digest of recent topics through maliciously embedded URLs.
How severe is CVE-2022-23546?
CVE-2022-23546 has a severity rating of 5.5 (medium).
Which software versions are affected by CVE-2022-23546?
Version 2.9.0.beta14 of Discourse is affected by CVE-2022-23546.
Is there a patch available for CVE-2022-23546?
Yes, a patch is available for version 2.9.0.beta15 of Discourse to fix CVE-2022-23546.
Are there any known workarounds for CVE-2022-23546?
No, there are no known workarounds for CVE-2022-23546.

collector/nvd-index
agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/severity
agent/remedy
agent/author
agent/last-modified-date
agent/event
agent/first-publish-date
agent/tags
agent/description
vendor/discourse
canonical/discourse discourse
version/discourse discourse/2.9.0-beta1
version/discourse discourse/2.9.0-beta10
version/discourse discourse/2.9.0-beta11
version/discourse discourse/2.9.0-beta12
version/discourse discourse/2.9.0-beta13
version/discourse discourse/2.9.0-beta14
version/discourse discourse/2.9.0-beta2
version/discourse discourse/2.9.0-beta3
version/discourse discourse/2.9.0-beta4
version/discourse discourse/2.9.0-beta5
version/discourse discourse/2.9.0-beta6
version/discourse discourse/2.9.0-beta7
version/discourse discourse/2.9.0-beta8

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.