Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Notifications leak in Discourse
Vulnerability Description
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who were tracking or watching the tags via /preferences/tags, then have their staff status revoked will still see notifications related to the tag, but will not see the tag on each topic. This issue has been patched in stable version 2.7.11. Users are advised to upgrade as soon as possible.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Discourse 安全漏洞
Vulnerability Description
Discourse是一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 存在安全漏洞,该漏洞源于标签组只能允许特定的组(如员工)查看特定的标签。通过偏好标签跟踪或监视标签的用户,如果他们的员工状态被撤销,仍然会看到与该标签相关的通知,但不会看到每个主题上的标签。漏洞会影响使用“标签仅对以下组可见”特性的标签组的用户。
CVSS Information
N/A
Vulnerability Type
N/A