References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

https://github.com/discourse/discourse-calendar/commit/dfc4fa15f340189f177a1d1ab2cc94ffed3c1190

https://github.com/discourse/discourse-calendar/security/advisories/GHSA-4hh7-6m34-p2jp

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a workaround, one may use post visibility to limit access.

GitHub, Inc. AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

GitHub, Inc. CWE-863

GitHub, Inc. https://github.com/discourse/discourse-calendar/commit/dfc4fa15f340189f177a1d1ab2cc94ffed3c1190 [No types assigned]

GitHub, Inc. https://github.com/discourse/discourse-calendar/security/advisories/GHSA-4hh7-6m34-p2jp [No types assigned]