How severe is CVE-2022-41913?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2022-41913?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2022-41913 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability only affects sites which have discourse post events enabled. This issue has been patched in commit `ca5ae3e7e` which will be included in future releases. Users unable to upgrade should disable the `discourse_post_event_enabled` setting to fully mitigate the issue. Also, it's possible to prevent regular users from using this vulnerability by removing all groups from the `discourse_post_event_allowed_on_groups` but note that moderators will still be able to use it.

Related Vulnerabilities

CVE-2016-1786

MEDIUM

CVSS:5.4(Medium)

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the d...

CWE-2002016

CVE-2016-5014

MEDIUM

CVSS:5.4(Medium)

In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.

CWE-2002016

CVE-2017-10337

MEDIUM

CVSS:5.4(Medium)

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vuln...

CWE-2002017

CVE-2018-10581

MEDIUM

CVSS:5.4(Medium)

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated T...

CWE-2002018

CVE-2018-17091

MEDIUM

CVSS:5.4(Medium)

An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt.

CWE-2002018

CVE-2018-1999030

MEDIUM

CVSS:5.4(Medium)

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.j...

CWE-2002018