How severe is CVE-2024-56197?

This vulnerability has a severity rating of LOW with a CVSS score of 2.2 out of 10.

What type of vulnerability is CVE-2024-56197?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2024-56197 - LOW Severity | CVSS 2.2

Vulnerability Description

Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. Users are advised to upgrade. Users unable to upgrade should remove all groups from the the "PM tags allowed for groups" option.

Related Vulnerabilities

CVE-2021-40086

LOW

CVSS:2.2(Low)

An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can onl...

CWE-2002021

CVE-2022-44746

LOW

CVSS:2.2(Low)

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.

CWE-2002022

CVE-2022-45454

LOW

CVSS:2.2(Low)

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30...

CWE-2002022

CVE-2024-52589

LOW

CVSS:2.2(Low)

Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patch...

CWE-2002024

CVE-2015-7884

LOW

CVSS:2.3(Low)

The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive i...

CWE-2002015

CVE-2015-7885

LOW

CVSS:2.3(Low)

The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive informat...

CWE-2002015