Unrated severityNVD Advisory· Published Nov 29, 2022· Updated Apr 23, 2025
Discourse may allow exposure of hidden tags in the subject of notification emails
CVE-2022-46150
Description
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches. As a workaround, use the disable_email site setting to disable all emails to non-staff users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<2.8.13 (stable) / <2.9.0.beta14 (beta, tests-passed)+ 1 more
- (no CPE)range: <2.8.13 (stable) / <2.9.0.beta14 (beta, tests-passed)
- (no CPE)range: < 2.8.13
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.