Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-0574
• publify/publify@0e6c66a
• https://huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f
• https://github.com/rubysec/ruby-advisory-db/blob/master/gems/publify_core/CVE-2022-0574.yml