Source |
CVE Liste |
Identifiant |
8316063 |
Date de publication |
2023-03-06 18:15:10 (vue: 2023-03-06 20:06:59) |
Titre |
CVE-2023-25169 |
Texte |
discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually. |
Envoyé |
Oui |
Condensat |
2023 25169 `b3ab33bbf7` `yearly account advised affected also anonymised are automated been commit cve data disable discourse edit enabled` fully has have included issue its latest linked manually may mitigate old original patched plugin possible present publishes review setting some then topic topics unable upgrade user users version versions which will year yearly |
Tags |
|
Stories |
|
Notes |
|
Move |
|