Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sensitive information in the topic title, it will therefore have been exposed. This issue is patched in stable version 2.8.12, beta version 2.9.0.beta13, and tests-passed version 2.9.0.beta13. There are no workarounds available.
We have discovered 815 live websites that are affected by CVE-2022-41944.

Field | Value |
---|---|
Product | Discourse |
Category | Message Boards |
Vulnerable Domains | 815 live websites (15.60% of Discourse install base) |
Vulnerable Versions | |
Vulnerable Versions Count | 67 versions (70.53% of all versions) |

Country | Websites |
---|---|
United States | 545 websites |
Germany | 67 websites |
France | 37 websites |
Singapore | 24 websites |
China | 23 websites |
GB | 17 websites |
Brazil | 8 websites |
Netherlands | 8 websites |
Russia | 8 websites |

TLD | Websites |
---|---|
.com | 350 websites |
.org | 130 websites |
.io | 40 websites |
.net | 32 websites |
.de | 20 websites |
.co | 13 websites |
.fr | 10 websites |
.ru | 9 websites |
.eu | 8 websites |
.com.br | 8 websites |

Domain | Country | Rank | Contacts |
---|---|---|---|
*********.***.com | France | *,*** | |
*********.*******.org | United States | **,*** | |
******.********.com | United States | **,*** | |
*********.***************.com | United States | **,*** | |
*********.**********.io | United States | ***,*** | |
*********.****.ly | United States | ***,*** | |
*************.de | United States | ***,*** | |
*****.***********.com | United States | ***,*** | |
*************.com | United States | ***,*** | |
*********.*********.io | United States | ***,*** | |