Skip to content

Composing a message from topic reveals whisper participants

Low
arpitjalan published GHSA-mx3h-vc7w-r9c6 Jan 5, 2022

Package

Discourse (Discourse)

Affected versions

stable <= v2.7.12; beta <= v2.8.0.beta10; tests-passed <= v2.8.0.beta10

Patched versions

stable >= 2.7.13; beta >= 2.8.0.beta11; tests-passed >= 2.8.0.beta11

Description

Impact

When composing a message from topic the composer user suggestions reveals whisper participants.

Patches

The problem is patched in the latest tests-passed, beta and stable versions of Discourse

References

702685b

Severity

Low

CVE ID

CVE-2022-21642

Weaknesses

No CWEs