CVE-2024-52589

EUVD-2024-46242
Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.2 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
GitHub_MCNA
2.2 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
discoursediscourse
𝑥
< 3.3.3
discoursediscourse
𝑥
< 3.4.0
discoursediscourse
3.4.0:beta1
discoursediscourse
3.4.0:beta2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/discourse/discourse/security/advisories/GHSA-cqw6-rr3v-8fff