How severe is CVE-2022-46168?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2022-46168?

This is classified as CWE-359, which is a common weakness in software security.

CVE-2022-46168 - LOW Severity | CVSS 3.5

Vulnerability Description

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is not an issue as they are likely already familiar with one another's email addresses. This issue is patched in versions 2.8.14 and 2.9.0.beta15. The fix is that someone sending emails out via group SMTP to non-staged users masks those emails with blind carbon copy (BCC). Staged users are ones that have likely only interacted with the group via email, and will likely include other people who were CC'd on the original email to the group. As a workaround, disable group SMTP for any groups that have it enabled.

Related Vulnerabilities

CVE-2023-28303

LOW

CVSS:3.3(Low)

Windows Snipping Tool Information Disclosure Vulnerability

CWE-3592023

CVE-2023-44213

LOW

CVSS:3.3(Low)

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 35739, Acronis Cyber P...

CWE-3592023

CVE-2023-48680

LOW

CVSS:3.3(Low)

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.

CWE-3592023

CVE-2025-1939

LOW

CVSS:3.9(Low)

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what...

CWE-3592025

CVE-2023-44255

MEDIUM

CVSS:4.1(Medium)

An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged ...

CWE-3592023

CVE-2024-29888

MEDIUM

CVSS:4.2(Medium)

Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the...

CWE-3592024