📦

discourse_yearly_review

Name: discourse_yearly_review
Author: WatchStack

Vendor: discourse

Login to add this product to WatchStack

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 1 Total Indexed

Avg. EPSS 0.25% Exploit Prob.

Latest CVE CVE-2023-25169 Mar 06

Security Vulnerability Index

Page 1 / 1

3.1 CVSS

CVE-2023-25169

discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually.

EPSS: 0.25%

Severity: LOW

Mar 06, 2023

Displaying 1 of 1 Total Entries

1

Total 1 Sections