Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-29630 Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should only be available to the users that can manage a category. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no workarounds for this problem.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 23 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-04-23T18:39:31.151Z

Reserved: 2022-02-10T00:00:00.000Z

Link: CVE-2022-24850

cve-icon Vulnrichment

Updated: 2024-08-03T04:20:50.665Z

cve-icon NVD

Status : Modified

Published: 2022-04-14T22:15:08.003

Modified: 2024-11-21T06:51:14.090

Link: CVE-2022-24850

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.