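Vulnerability Title
Group SMTP user emails are exposed in the attachment email header
Vulnerability Description
Group SMTP user email addresses are exposed in the CC email header
CVSS Information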
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Category
N/A
Vulnerability Title
Group SMTP user emails are exposed in CC email header
Vulnerability Description
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as they are likely already familiar with one another's email addresses. This issue is patched in versions 2.8.14 and 2.9.0.beta15. The fix is that someone sending emails out via group SMTP to non-staged users masks those emails with blind carbon copy (BCC). Staged users are ones that have likely only interacted with the group via email, and will likely include other people who were CC'd on the original email to the group. As a workaround, disable group SMTP for any groups that have it enabled.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
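Vulnerability Category
Privacy Violation
Vulnerability Title
Discourse Security Vulnerability
Vulnerability Description
Discourse is an open source community discussion platform. The platform includes features such as communities, email, and chat rooms. Discourse versions prior to 2.8.14 contain a security vulnerability, which stems from the fact that recipients of a group SMTP email can see the email addresses of all other users in the group SMTP topic.
CVSS Information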
N/A
Vulnerability Category
Other