
FIX: private topics leak via email#send_digest

Moderate
jomaxro published GHSA-q9jp-xv4g-328f Jan 5, 2023

Package

No package listed

Affected versions

2.9.0.beta14

Patched versions

2.9.0.beta15

Description

Impact

Maliciously embedded URLs can leak an admin's digest of recent topics, possibly exposing private information.

Patches

Patch has been applied.

Workarounds

Upgrading is necessary.

Severity

Moderate, 5.5 / 10

CVSS base metrics

Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE ID

CVE-2022-23546

Weaknesses

No CWEs
