Unrated severityNVD Advisory· Published Nov 28, 2022· Updated Apr 23, 2025
Discourse users can see notifications for topics they no longer have access to
CVE-2022-41944
Description
Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<2.8.12, <2.9.0.beta.13+ 1 more
- (no CPE)range: <2.8.12, <2.9.0.beta.13
- (no CPE)range: < 2.8.12
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.