← Back

CVE-2023-23622

nvd nist
Published: Mar 17, 2023Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.

Affected (207)

Products: Discourse: Discourse
Discourse
1 product
Discourse
Configuration A
207 vulnerable
Vulnerable SoftwareAffected Versions
Discourse
Discourse
Before 3.0.0
Discourse
Version 1.1.0 beta1
Discourse
Version 1.1.0 beta2
Discourse
Version 1.1.0 beta3
Discourse
Version 1.1.0 beta4
Discourse
Version 1.1.0 beta5
Discourse
Version 1.1.0 beta6
Discourse
Version 1.1.0 beta6b
Discourse
Version 1.1.0 beta7
Discourse
Version 1.1.0 beta8
Discourse
Version 1.2.0 beta1
Discourse
Version 1.2.0 beta2
Discourse
Version 1.2.0 beta3
Discourse
Version 1.2.0 beta4
Discourse
Version 1.2.0 beta5
Discourse
Version 1.2.0 beta6
Discourse
Version 1.2.0 beta7
Discourse
Version 1.2.0 beta8
Discourse
Version 1.2.0 beta9
Discourse
Version 1.3.0 beta10
Discourse
Version 1.3.0 beta11
Discourse
Version 1.3.0 beta1
Discourse
Version 1.3.0 beta2
Discourse
Version 1.3.0 beta3
Discourse
Version 1.3.0 beta4
Discourse
Version 1.3.0 beta5
Discourse
Version 1.3.0 beta6
Discourse
Version 1.3.0 beta7
Discourse
Version 1.3.0 beta8
Discourse
Version 1.3.0 beta9
Discourse
Version 1.4.0 beta10
Discourse
Version 1.4.0 beta11
Discourse
Version 1.4.0 beta12
Discourse
Version 1.4.0 beta1
Discourse
Version 1.4.0 beta2
Discourse
Version 1.4.0 beta3
Discourse
Version 1.4.0 beta4
Discourse
Version 1.4.0 beta5
Discourse
Version 1.4.0 beta6
Discourse
Version 1.4.0 beta7
Discourse
Version 1.4.0 beta8
Discourse
Version 1.4.0 beta9
Discourse
Version 1.5.0 beta10
Discourse
Version 1.5.0 beta11
Discourse
Version 1.5.0 beta12
Discourse
Version 1.5.0 beta13
Discourse
Version 1.5.0 beta13b
Discourse
Version 1.5.0 beta14
Discourse
Version 1.5.0 beta1
Discourse
Version 1.5.0 beta2
Discourse
Version 1.5.0 beta3
Discourse
Version 1.5.0 beta4
Discourse
Version 1.5.0 beta5
Discourse
Version 1.5.0 beta6
Discourse
Version 1.5.0 beta7
Discourse
Version 1.5.0 beta8
Discourse
Version 1.5.0 beta9
Discourse
Version 1.6.0 beta10
Discourse
Version 1.6.0 beta11
Discourse
Version 1.6.0 beta12
Discourse
Version 1.6.0 beta1
Discourse
Version 1.6.0 beta2
Discourse
Version 1.6.0 beta3
Discourse
Version 1.6.0 beta4
Discourse
Version 1.6.0 beta5
Discourse
Version 1.6.0 beta6
Discourse
Version 1.6.0 beta7
Discourse
Version 1.6.0 beta8
Discourse
Version 1.6.0 beta9
Discourse
Version 1.7.0 beta10
Discourse
Version 1.7.0 beta11
Discourse
Version 1.7.0 beta1
Discourse
Version 1.7.0 beta2
Discourse
Version 1.7.0 beta3
Discourse
Version 1.7.0 beta4
Discourse
Version 1.7.0 beta5
Discourse
Version 1.7.0 beta6
Discourse
Version 1.7.0 beta7
Discourse
Version 1.7.0 beta8
Discourse
Version 1.7.0 beta9
Discourse
Version 1.8.0 beta10
Discourse
Version 1.8.0 beta11
Discourse
Version 1.8.0 beta12
Discourse
Version 1.8.0 beta13
Discourse
Version 1.8.0 beta1
Discourse
Version 1.8.0 beta2
Discourse
Version 1.8.0 beta3
Discourse
Version 1.8.0 beta4
Discourse
Version 1.8.0 beta5
Discourse
Version 1.8.0 beta6
Discourse
Version 1.8.0 beta7
Discourse
Version 1.8.0 beta8
Discourse
Version 1.8.0 beta9
Discourse
Version 1.9.0 beta10
Discourse
Version 1.9.0 beta11
Discourse
Version 1.9.0 beta12
Discourse
Version 1.9.0 beta13
Discourse
Version 1.9.0 beta14
Discourse
Version 1.9.0 beta15
Discourse
Version 1.9.0 beta16
Discourse
Version 1.9.0 beta17
Discourse
Version 1.9.0 beta1
Discourse
Version 1.9.0 beta2
Discourse
Version 1.9.0 beta3
Discourse
Version 1.9.0 beta4
Discourse
Version 1.9.0 beta5
Discourse
Version 1.9.0 beta6
Discourse
Version 1.9.0 beta7
Discourse
Version 1.9.0 beta8
Discourse
Version 1.9.0 beta9
Discourse
Version 2.0.0 beta10
Discourse
Version 2.0.0 beta1
Discourse
Version 2.0.0 beta2
Discourse
Version 2.0.0 beta3
Discourse
Version 2.0.0 beta4
Discourse
Version 2.0.0 beta5
Discourse
Version 2.0.0 beta6
Discourse
Version 2.0.0 beta7
Discourse
Version 2.0.0 beta8
Discourse
Version 2.0.0 beta9
Discourse
Version 2.1.0 beta1
Discourse
Version 2.1.0 beta2
Discourse
Version 2.1.0 beta3
Discourse
Version 2.1.0 beta4
Discourse
Version 2.1.0 beta5
Discourse
Version 2.1.0 beta6
Discourse
Version 2.2.0 beta10
Discourse
Version 2.2.0 beta1
Discourse
Version 2.2.0 beta2
Discourse
Version 2.2.0 beta3
Discourse
Version 2.2.0 beta4
Discourse
Version 2.2.0 beta5
Discourse
Version 2.2.0 beta6
Discourse
Version 2.2.0 beta7
Discourse
Version 2.2.0 beta8
Discourse
Version 2.2.0 beta9
Discourse
Version 2.3.0 beta10
Discourse
Version 2.3.0 beta11
Discourse
Version 2.3.0 beta1
Discourse
Version 2.3.0 beta2
Discourse
Version 2.3.0 beta3
Discourse
Version 2.3.0 beta4
Discourse
Version 2.3.0 beta5
Discourse
Version 2.3.0 beta6
Discourse
Version 2.3.0 beta7
Discourse
Version 2.3.0 beta8
Discourse
Version 2.3.0 beta9
Discourse
Version 2.4.0 beta10
Discourse
Version 2.4.0 beta11
Discourse
Version 2.4.0 beta1
Discourse
Version 2.4.0 beta2
Discourse
Version 2.4.0 beta3
Discourse
Version 2.4.0 beta4
Discourse
Version 2.4.0 beta5
Discourse
Version 2.4.0 beta6
Discourse
Version 2.4.0 beta7
Discourse
Version 2.4.0 beta8
Discourse
Version 2.4.0 beta9
Discourse
Version 2.5.0 beta1
Discourse
Version 2.5.0 beta2
Discourse
Version 2.5.0 beta3
Discourse
Version 2.5.0 beta4
Discourse
Version 2.5.0 beta5
Discourse
Version 2.5.0 beta6
Discourse
Version 2.5.0 beta7
Discourse
Version 2.6.0 beta1
Discourse
Version 2.6.0 beta2
Discourse
Version 2.6.0 beta3
Discourse
Version 2.6.0 beta4
Discourse
Version 2.6.0 beta5
Discourse
Version 2.6.0 beta6
Discourse
Version 2.7.0 beta1
Discourse
Version 2.7.0 beta2
Discourse
Version 2.7.0 beta3
Discourse
Version 2.7.0 beta4
Discourse
Version 2.7.0 beta5
Discourse
Version 2.7.0 beta6
Discourse
Version 2.7.0 beta7
Discourse
Version 2.7.0 beta8
Discourse
Version 2.7.0 beta9
Discourse
Version 2.8.0 beta10
Discourse
Version 2.8.0 beta11
Discourse
Version 2.8.0 beta1
Discourse
Version 2.8.0 beta2
Discourse
Version 2.8.0 beta3
Discourse
Version 2.8.0 beta4
Discourse
Version 2.8.0 beta5
Discourse
Version 2.8.0 beta6
Discourse
Version 2.8.0 beta7
Discourse
Version 2.8.0 beta8
Discourse
Version 2.8.0 beta9
Discourse
Version 2.9.0 beta10
Discourse
Version 2.9.0 beta11
Discourse
Version 2.9.0 beta12
Discourse
Version 2.9.0 beta13
Discourse
Version 2.9.0 beta14
Discourse
Version 2.9.0 beta1
Discourse
Version 2.9.0 beta2
Discourse
Version 2.9.0 beta3
Discourse
Version 2.9.0 beta4
Discourse
Version 2.9.0 beta5
Discourse
Version 2.9.0 beta6
Discourse
Version 2.9.0 beta7
Discourse
Version 2.9.0 beta8
Discourse
Version 2.9.0 beta9
Discourse
Version 3.0.0 beta15
Discourse
Version 3.0.0 beta16

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Issue TrackingPatch
Source: security-advisories@github.com
Issue Tracking
Source: security-advisories@github.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.