CVE-2022-41944

Discourse users can see notifications for topics they no longer have access to

Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.


We have discovered 815 live websites that are affected by CVE-2022-41944.





Affected Software

Product: Discourse
Category: Message Boards
Vulnerable Domains: 815 live websites (15.60% of Discourse install base)
Vulnerable Versions:
  • from 0 before 2.8.12
  • from 2.9 before 2.9
Vulnerable Versions Count: 67 versions (70.53% of all versions)


Common Weakness Enumeration

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor



Details

  • Published - Nov 28, 2022
  • Updated - Aug 3, 2024

CVE-2022-41944 usage by Country

United States: 545 websites
Germany: 67 websites
France: 37 websites
Singapore: 24 websites
China: 23 websites
GB: 17 websites
Brazil: 8 websites
Netherlands: 8 websites
Russia: 8 websites

CVE-2022-41944 usage by TLD

.com: 350 websites
.org: 130 websites
.io: 40 websites
.net: 32 websites
.de: 20 websites
.co: 13 websites
.fr: 10 websites
.ru: 9 websites
.eu: 8 websites
.com.br: 8 websites

FAQ

CVE-2022-41944 is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Discourse.
A total of 815 websites have been identified as vulnerable to CVE-2022-41944, discovered through global website indexing conducted by WebTechSurvey.
Discourse is susceptible to the CVE-2022-41944 vulnerability.
Discourse versions before 2.9 are vulnerable to CVE-2022-41944.
Version 2.9 of Discourse addresses the CVE-2022-41944 security vulnerability.