What is the severity of CVE-2022-41913?

CVE-2022-41913 has been rated as a moderate severity vulnerability due to the potential exposure of private group member information.

How do I fix CVE-2022-41913?

To fix CVE-2022-41913, update the Discourse Calendar plugin to the latest version that addresses this vulnerability.

What versions are affected by CVE-2022-41913?

CVE-2022-41913 specifically affects version 0.2 of the Discourse Calendar plugin.

What type of vulnerability is CVE-2022-41913?

CVE-2022-41913 is a security vulnerability related to unauthorized access to member information in the Discourse Calendar plugin.

Is there a known exploit for CVE-2022-41913?

As of now, there are no publicly known exploits specifically targeting CVE-2022-41913.

Vulnerability/
CVE-2022-41913

medium

5.4

CWE

200

14/11/2022

3/8/2024

CVE-2022-41913: Discourse-calendar exposes members of hidden groups

First published: Mon Nov 14 2022(Updated: )

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability only affects sites which have discourse post events enabled. This issue has been patched in commit `ca5ae3e7e` which will be included in future releases. Users unable to upgrade should disable the `discourse_post_event_enabled` setting to fully mitigate the issue. Also, it's possible to prevent regular users from using this vulnerability by removing all groups from the `discourse_post_event_allowed_on_groups` but note that moderators will still be able to use it.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Discourse Calendar plugin	=0.2

Remedy

https://github.com/discourse/discourse-calendar/commit/ca5ae3e7e0c2b32af5ca4ec69c95e95b2ecef2e9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-41913?
CVE-2022-41913 has been rated as a moderate severity vulnerability due to the potential exposure of private group member information.
How do I fix CVE-2022-41913?
To fix CVE-2022-41913, update the Discourse Calendar plugin to the latest version that addresses this vulnerability.
What versions are affected by CVE-2022-41913?
CVE-2022-41913 specifically affects version 0.2 of the Discourse Calendar plugin.
What type of vulnerability is CVE-2022-41913?
CVE-2022-41913 is a security vulnerability related to unauthorized access to member information in the Discourse Calendar plugin.
Is there a known exploit for CVE-2022-41913?
As of now, there are no publicly known exploits specifically targeting CVE-2022-41913.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/author
agent/severity
agent/title
agent/weakness
agent/last-modified-date
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/discourse
canonical/discourse calendar plugin
version/discourse calendar plugin/0.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.