
Discourse 2.9.x < 2.9.0.beta4 Multiple Vulnerabilities (CVE-2018-25032, CVE-2022-24804, CVE-2022-24824, CVE-2022-24850)

Severity
CVSSv3 Score
4.3
Vulnerability description

Discourse is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- CVE-2018-25032: Discourse ships Nokogiri with platform releases that include zlib as a dependency, and that zlib contains a memory corruption vulnerability.
- CVE-2022-24804: Names of groups with restricted visibility may be leaked when viewing a category.
- CVE-2022-24824: Anonymous user cache poisoning via a maliciously formed request.
- CVE-2022-24850: Category group permissions are leaked to users who cannot edit a category.

Recommendation

Update to version 2.9.0.beta4 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Mar 25, 2022
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available