CVE-2022-46150
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the stable branch and version 2.9.0.beta14 of the beta and tests-passed branches. As a workaround, use the disable_email site setting to disable all emails to non-staff users.
| Software | From | Fixed in |
|---|---|---|
| discourse / discourse | 2.9.0-beta1 | 2.9.0-beta1.x |
| discourse / discourse | 2.9.0-beta2 | 2.9.0-beta2.x |
| discourse / discourse | 2.9.0-beta3 | 2.9.0-beta3.x |
| discourse / discourse | 2.9.0-beta4 | 2.9.0-beta4.x |
| discourse / discourse | 2.9.0-beta5 | 2.9.0-beta5.x |
| discourse / discourse | 2.9.0-beta7 | 2.9.0-beta7.x |
| discourse / discourse | 2.9.0-beta8 | 2.9.0-beta8.x |
| discourse / discourse | 2.9.0-beta6 | 2.9.0-beta6.x |
| discourse / discourse | 2.9.0-beta10 | 2.9.0-beta10.x |
| discourse / discourse | 2.9.0-beta11 | 2.9.0-beta11.x |
| discourse / discourse | 2.9.0-beta12 | 2.9.0-beta12.x |
| discourse / discourse | 2.9.0-beta13 | 2.9.0-beta13.x |
| discourse / discourse | - | 2.8.13 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime