Home > Vulnerability Database > CVE-2021-41082

Mend.io Vulnerability Database

CVE-2021-41082

Good to know:

Date: September 20, 2021

Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were not able to view the posts in the leaked private message despite seeing it in their inbox. The problematic commit was reverted around 32 minutes after it was made. Users are encouraged to upgrade to the latest commit if they are running Discourse against the `tests-passed` branch.

Language: Ruby

Severity Score

7.5

Related Resources (5)

Url: https://github.com/discourse/discourse/commit/ddb458343dc39a7a8c99467dcd809b444514fe2c

Url: https://github.com/discourse/discourse/security/advisories/GHSA-vm3x-w6jm-j9vv

Url: https://github.com/discourse/discourse/commit/27bad28c530c89acab35a56b945b6a3924280f4b

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-41082

Url: https://www.mend.io/vulnerability-database/CVE-2021-41082

Severity Score

7.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-41082

Good to know:

Date: September 20, 2021

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?