Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed.
References
Link | Resource |
---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-gq2h-qhg2-phf9 | Third Party Advisory |
https://github.com/discourse/discourse/commit/aed65ec16d38886d7be7209d8c02df4ffd4937a4 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-08-13 09:15
Updated : 2021-08-30 04:08
NVD link : CVE-2021-37703
Mitre link : CVE-2021-37703
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
discourse
- discourse