{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23546", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2022-01-19T21:23:53.798Z", "datePublished": "2023-01-05T18:10:08.048Z", "dateUpdated": "2025-03-10T21:32:03.679Z"}, "containers": {"cna": {"title": "Discourse vulnerable to private topic leak via email#send_digest", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f"}, {"name": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8", "tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8"}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"version": "= 2.9.0.beta14", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-05T18:10:08.048Z"}, "descriptions": [{"lang": "en", "value": "In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue."}], "source": {"advisory": "GHSA-q9jp-xv4g-328f", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.508Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f"}, {"name": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T21:00:25.396101Z", "id": "CVE-2022-23546", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T21:32:03.679Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f", "name": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8", "name": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.508Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-23546", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T21:00:25.396101Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T21:00:26.827Z"}}], "cna": {"title": "Discourse vulnerable to private topic leak via email#send_digest", "source": {"advisory": "GHSA-q9jp-xv4g-328f", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "discourse", "product": "discourse", "versions": [{"status": "affected", "version": "= 2.9.0.beta14"}]}], "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f", "name": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8", "name": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-05T18:10:08.048Z"}}}, "cveMetadata": {"cveId": "CVE-2022-23546", "state": "PUBLISHED", "dateUpdated": "2025-03-10T21:32:03.679Z", "dateReserved": "2022-01-19T21:23:53.798Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-01-05T18:10:08.048Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "A387C9DC-A3A5-416B-A564-DBD4F345972B", "versionEndExcluding": "2.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B3803EF9-A296-42B7-887F-93C5E68E94C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "35BAC488-3622-4B0B-B8EA-879E8C68E8CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "406A23B4-B971-4DC8-A132-EE9854FE8546", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "1DD3C47F-E49F-4E19-9EA7-A322C4CFD541", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "E924AC08-6978-4DFF-B616-9E3E9D6FBE1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "B5A3C7FB-B3B6-45F0-AD7D-062A50490AD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8BA3D313-3C11-43E2-A47D-CBB532D1B6F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6F42673E-65F3-4807-9484-20CB747420FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "0B91D023-FCE5-4866-AD8B-BBB675763104", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "0086484D-0164-449C-8AAE-BE7479CB9706", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F9D1B031-96C7-44C0-A0A0-F67ABE55C93C", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B68E308A-BDAB-4614-A563-4460F7996CBE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue."}, {"lang": "es", "value": "En la versi\u00f3n 2.9.0.beta14 de Discourse, una plataforma de discusi\u00f3n de c\u00f3digo abierto, las URL incrustadas maliciosamente pueden filtrar un resumen de temas recientes de un administrador, posiblemente exponiendo informaci\u00f3n privada. Hay un parche disponible para la versi\u00f3n 2.9.0.beta15. No se conocen workarounds para este problema."}], "id": "CVE-2022-23546", "lastModified": "2024-11-21T06:48:47.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-05T19:15:09.327", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}