{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T16:48:13.227","vulnerabilities":[{"cve":{"id":"CVE-2022-46150","sourceIdentifier":"security-advisories@github.com","published":"2022-11-29T18:15:10.467","lastModified":"2024-11-21T07:30:12.553","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users."},{"lang":"es","value":"Discourse es una plataforma de debate de código abierto. Antes de la versión 2.8.13 de la rama `stable` y la versión 2.9.0.beta14 de las ramas `beta` y `tests-passed`, los usuarios no autorizados podían enterarse de la existencia de etiquetas ocultas y de que se habían aplicado a temas a los que tienen acceso. Este problema se solucionó en la versión 2.8.13 de la rama \"stable\" y en la versión 2.9.0.beta14 de las ramas \"beta\" y \"tests-passed\". Como workaround, utilice la configuración del sitio `disable_email` para desactivar todos los correos electrónicos dirigidos a usuarios que no pertenecen al personal."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8.13","matchCriteriaId":"140D3326-21AC-459D-8196-E17C9046AE3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta1:*:*:*:*:*:*","matchCriteriaId":"B3803EF9-A296-42B7-887F-93C5E68E94C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta10:*:*:*:*:*:*","matchCriteriaId":"35BAC488-3622-4B0B-B8EA-879E8C68E8CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta11:*:*:*:*:*:*","matchCriteriaId":"406A23B4-B971-4DC8-A132-EE9854FE8546"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta12:*:*:*:*:*:*","matchCriteriaId":"1DD3C47F-E49F-4E19-9EA7-A322C4CFD541"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta13:*:*:*:*:*:*","matchCriteriaId":"E924AC08-6978-4DFF-B616-9E3E9D6FBE1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta2:*:*:*:*:*:*","matchCriteriaId":"8BA3D313-3C11-43E2-A47D-CBB532D1B6F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta3:*:*:*:*:*:*","matchCriteriaId":"6F42673E-65F3-4807-9484-20CB747420FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta4:*:*:*:*:*:*","matchCriteriaId":"0B91D023-FCE5-4866-AD8B-BBB675763104"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*","matchCriteriaId":"0086484D-0164-449C-8AAE-BE7479CB9706"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*","matchCriteriaId":"F9D1B031-96C7-44C0-A0A0-F67ABE55C93C"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*","matchCriteriaId":"750D2AD9-35E7-4AC7-9C22-AA90DAA34F3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*","matchCriteriaId":"B68E308A-BDAB-4614-A563-4460F7996CBE"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3b","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wv","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wv","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}