CVE-2022-21642
Exposure of whisper participants in discourse
4.3
MEDIUM
CVSS 3.1
EPSS 0.25%
Description
Discourse is an open source platform for community discussion. In affected versions, when composing a message from a topic, the composer's user suggestions reveal whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade.
How to fix CVE-2022-21642
To remediate CVE-2022-21642, upgrade the affected package to a fixed version below.
- upgrade to 2.7.13 or later
Is CVE-2022-21642 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.7.13
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |