Vulnerability CVE-2022-23546


Published: 2023-01-05

Description:
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.

Type:

CWE-200

(Information Exposure)

 References:
https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8
https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f

Copyright 2026, cxsecurity.com

 

Back to Top