What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2022-24850.

What is the severity level of CVE-2022-24850?

The severity level of CVE-2022-24850 is medium with a CVSS score of 4.3.

How can I check if my Discourse version is affected by CVE-2022-24850?

You can check if your Discourse version is affected by CVE-2022-24850 by verifying if you are using version 2.8.2, 2.9.0-beta1, 2.9.0-beta2, or 2.9.0-beta3.

Is there a fix available for CVE-2022-24850?

A fix for CVE-2022-24850 may be available in a future update from Discourse. Please check with Discourse for patch information.

Where can I find more information about CVE-2022-24850?

You can find more information about CVE-2022-24850 on the GitHub security advisory page provided in the references.

Vulnerability/
CVE-2022-24850

medium

5.3

CWE

200

14/4/2022

3/8/2024

CVE-2022-24850: Category group permissions leaked in Discourse

First published: Thu Apr 14 2022(Updated: )

Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Discourse Discourse	<2.8.2
Discourse Discourse	=2.9.0-beta1
Discourse Discourse	=2.9.0-beta2
Discourse Discourse	=2.9.0-beta3

Never miss a vulnerability like this again

Reference Links

https://github.com/discourse/discourse/security/advisories/GHSA-34xr-ff4w-mcpf

Frequently Asked Questions

What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2022-24850.
What is the severity level of CVE-2022-24850?
The severity level of CVE-2022-24850 is medium with a CVSS score of 4.3.
How can I check if my Discourse version is affected by CVE-2022-24850?
You can check if your Discourse version is affected by CVE-2022-24850 by verifying if you are using version 2.8.2, 2.9.0-beta1, 2.9.0-beta2, or 2.9.0-beta3.
Is there a fix available for CVE-2022-24850?
A fix for CVE-2022-24850 may be available in a future update from Discourse. Please check with Discourse for patch information.
Where can I find more information about CVE-2022-24850?
You can find more information about CVE-2022-24850 on the GitHub security advisory page provided in the references.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/severity
agent/references
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/event
agent/tags
vendor/discourse
canonical/discourse discourse
version/discourse discourse/2.9.0-beta1
version/discourse discourse/2.9.0-beta2
version/discourse discourse/2.9.0-beta3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.