Skip to content

Hide user's bio if profile is restricted

Low
jomaxro published GHSA-jwww-46gv-564m Jan 13, 2022

Package

Discourse (Discourse)

Affected versions

stable <= v2.7.12; beta <= v2.8.0.beta10; tests-passed <= v2.8.0.beta10

Patched versions

stable >= 2.7.13; beta >= 2.8.0.beta11; tests-passed >= 2.8.0.beta11

Description

Impact

The bio of users who made their profiles private was still visible in the <meta> tags on their user's page.

Patches

The problem is patched in the latest tests-passed, beta and stable versions of Discourse

References

5e2e178, c0bb775

Severity

Low

CVE ID

CVE-2022-21678

Weaknesses

No CWEs