CVE-2022-24782 - Vulnerability Details

Vendors	Products
Discourse	Discourse

Link	Providers
https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356
https://github.com/discourse/discourse/pull/16273
https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343

{"containers": {"cna": {"affected": [{"product": "discourse", "vendor": "discourse", "versions": [{"status": "affected", "version": "stable <= 2.8.2"}, {"status": "affected", "version": "beta <= 2.9.0.beta3"}, {"status": "affected", "version": "tests-passed <= 2.9.0.beta3"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. The same thing occurs when the user's post has been moved to a secure category. A patch for this issue is available in the `main` branch of Discourse's GitHub repository and is anticipated to be part of future releases."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-24T20:35:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/pull/16273"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356"}], "source": {"advisory": "GHSA-c3cq-w899-f343", "discovery": "UNKNOWN"}, "title": "Secure category names leaked via user activity export in Discourse", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24782", "STATE": "PUBLIC", "TITLE": "Secure category names leaked via user activity export in Discourse"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "discourse", "version": {"version_data": [{"version_value": "stable <= 2.8.2"}, {"version_value": "beta <= 2.9.0.beta3"}, {"version_value": "tests-passed <= 2.9.0.beta3"}]}}]}, "vendor_name": "discourse"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. The same thing occurs when the user's post has been moved to a secure category. A patch for this issue is available in the `main` branch of Discourse's GitHub repository and is anticipated to be part of future releases."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}]}, "references": {"reference_data": [{"name": "https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343"}, {"name": "https://github.com/discourse/discourse/pull/16273", "refsource": "MISC", "url": "https://github.com/discourse/discourse/pull/16273"}, {"name": "https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356", "refsource": "MISC", "url": "https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356"}]}, "source": {"advisory": "GHSA-c3cq-w899-f343", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:20:50.482Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/discourse/discourse/pull/16273"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24782", "datePublished": "2022-03-24T20:35:10", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.482Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "matchCriteriaId": "92530146-660F-4474-A2C9-E12020382560", "versionEndIncluding": "2.8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. The same thing occurs when the user's post has been moved to a secure category. A patch for this issue is available in the `main` branch of Discourse's GitHub repository and is anticipated to be part of future releases."}, {"lang": "es", "value": "Discourse es una plataforma de debate de c\u00f3digo abierto. Las versiones 2.8.2 y anteriores en la rama \"stable\", versiones 2.9.0.beta3 y anteriores en la rama \"beta\", y versiones 2.9.0.beta3 y anteriores en la rama \"tests-passed\" son vulnerables a un filtrado de informaci\u00f3n. Los usuarios pueden solicitar una exportaci\u00f3n de su propia actividad. A veces, debido a la configuraci\u00f3n de la categor\u00eda, pueden tener una pertenencia a una categor\u00eda segura. El nombre de esta categor\u00eda segura es mostrada al usuario en la exportaci\u00f3n. Lo mismo ocurre cuando el post del usuario ha sido movido a una categor\u00eda segura. Un parche para este problema est\u00e1 disponible en la rama \"main\" del repositorio GitHub de Discourse y esta anticipado que forme parte de futuras versiones"}], "id": "CVE-2022-24782", "lastModified": "2024-11-21T06:51:05.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-24T21:15:13.933", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse/pull/16273"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse/commit/9d5737fd28374cc876c070f6c3a931a8071ec356"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse/pull/16273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/discourse/discourse/security/advisories/GHSA-c3cq-w899-f343"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object