漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Prevent unauthorized access to summary details in Discourse
Vulnerability Description
Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Discourse 信息泄露漏洞
Vulnerability Description
Discourse是一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse存在信息泄露漏洞,该漏洞源于允许未经授权的攻击者通过hide_user_profiles_from_public访问用户摘要。受影响的产品和版本:Discourse stable 3.1.1及之前版本, beta 3.2.0.beta2及之前版本,tests-passed 3.2.0.beta2及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A