Unrated severityNVD Advisory· Published Nov 29, 2022· Updated Apr 23, 2025

Discourse may allow exposure of hidden tags in the subject of notification emails

CVE-2022-46150

Description

Discourse is an open-source discussion platform. Prior to version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches. As a workaround, use the disable_email site setting to disable all emails to non-staff users.

Affected products

Discourse (software)/Discoursev5
Range: < 2.8.13

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3bmitre
github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wvmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000