CVE-2024-52589: Moderators can view Screened emails even when the “moderators view emails” option is disabled in Discourse

2.2 CVSS

Description

Discourse is an open source platform for community discussion. Moderators can view the Screened emails list in the admin dashboard and, through it, learn a user's email address, even when the “moderators view emails” option is disabled. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove the moderator role from untrusted users.

Classification

CVE ID: CVE-2024-52589

CVSS Base Severity: LOW

CVSS Base Score: 2.2

Affected Products

Vendor: discourse

Product: discourse

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-04 (date this score was calculated)

References

https://github.com/discourse/discourse/security/advisories/GHSA-cqw6-rr3v-8fff

Timeline