Skip to content

Banner topic data is exposed on login-required sites

Low
jomaxro published GHSA-5f4f-35fx-gqhq Jun 14, 2022

Package

No package listed

Affected versions

stable <= 2.8.3; beta <= 2.9.0.beta4; tests-passed <= 2.9.0.beta4

Patched versions

stable >= 2.8.4; beta >= 2.9.0.beta5; tests-passed >= 2.9.0.beta5

Description

Impact

Banner topic data is exposed on login-required sites.

Patches

This issue is patched in the latest stable, beta and tests-passed versions of Discourse

Workarounds

Disable banners.

Severity

Low

CVE ID

CVE-2022-31060

Weaknesses

No CWEs