← Back

CVE-2023-23935

nvd nist
Published: Mar 16, 2023Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal message is visible to a given user. As a result, any users can technically poll a sensitive tag to determine if a new personal message is created even if the user does not have access to the personal message. In the patched versions, the count of personal messages tagged with a given tag is hidden by default. To revert to the old behaviour of displaying the count of personal messages for a given tag, an admin may enable the `display_personal_messages_tag_counts` site setting.

Affected (208)

Products: Discourse: Discourse
Discourse
1 product
Discourse
Configuration A
208 vulnerable
Vulnerable SoftwareAffected Versions
Discourse
Discourse
Before 3.0.1
Discourse
Version 1.1.0 beta1
Discourse
Version 1.1.0 beta2
Discourse
Version 1.1.0 beta3
Discourse
Version 1.1.0 beta4
Discourse
Version 1.1.0 beta5
Discourse
Version 1.1.0 beta6
Discourse
Version 1.1.0 beta6b
Discourse
Version 1.1.0 beta7
Discourse
Version 1.1.0 beta8
Discourse
Version 1.2.0 beta1
Discourse
Version 1.2.0 beta2
Discourse
Version 1.2.0 beta3
Discourse
Version 1.2.0 beta4
Discourse
Version 1.2.0 beta5
Discourse
Version 1.2.0 beta6
Discourse
Version 1.2.0 beta7
Discourse
Version 1.2.0 beta8
Discourse
Version 1.2.0 beta9
Discourse
Version 1.3.0 beta10
Discourse
Version 1.3.0 beta11
Discourse
Version 1.3.0 beta1
Discourse
Version 1.3.0 beta2
Discourse
Version 1.3.0 beta3
Discourse
Version 1.3.0 beta4
Discourse
Version 1.3.0 beta5
Discourse
Version 1.3.0 beta6
Discourse
Version 1.3.0 beta7
Discourse
Version 1.3.0 beta8
Discourse
Version 1.3.0 beta9
Discourse
Version 1.4.0 beta10
Discourse
Version 1.4.0 beta11
Discourse
Version 1.4.0 beta12
Discourse
Version 1.4.0 beta1
Discourse
Version 1.4.0 beta2
Discourse
Version 1.4.0 beta3
Discourse
Version 1.4.0 beta4
Discourse
Version 1.4.0 beta5
Discourse
Version 1.4.0 beta6
Discourse
Version 1.4.0 beta7
Discourse
Version 1.4.0 beta8
Discourse
Version 1.4.0 beta9
Discourse
Version 1.5.0 beta10
Discourse
Version 1.5.0 beta11
Discourse
Version 1.5.0 beta12
Discourse
Version 1.5.0 beta13
Discourse
Version 1.5.0 beta13b
Discourse
Version 1.5.0 beta14
Discourse
Version 1.5.0 beta1
Discourse
Version 1.5.0 beta2
Discourse
Version 1.5.0 beta3
Discourse
Version 1.5.0 beta4
Discourse
Version 1.5.0 beta5
Discourse
Version 1.5.0 beta6
Discourse
Version 1.5.0 beta7
Discourse
Version 1.5.0 beta8
Discourse
Version 1.5.0 beta9
Discourse
Version 1.6.0 beta10
Discourse
Version 1.6.0 beta11
Discourse
Version 1.6.0 beta12
Discourse
Version 1.6.0 beta1
Discourse
Version 1.6.0 beta2
Discourse
Version 1.6.0 beta3
Discourse
Version 1.6.0 beta4
Discourse
Version 1.6.0 beta5
Discourse
Version 1.6.0 beta6
Discourse
Version 1.6.0 beta7
Discourse
Version 1.6.0 beta8
Discourse
Version 1.6.0 beta9
Discourse
Version 1.7.0 beta10
Discourse
Version 1.7.0 beta11
Discourse
Version 1.7.0 beta1
Discourse
Version 1.7.0 beta2
Discourse
Version 1.7.0 beta3
Discourse
Version 1.7.0 beta4
Discourse
Version 1.7.0 beta5
Discourse
Version 1.7.0 beta6
Discourse
Version 1.7.0 beta7
Discourse
Version 1.7.0 beta8
Discourse
Version 1.7.0 beta9
Discourse
Version 1.8.0 beta10
Discourse
Version 1.8.0 beta11
Discourse
Version 1.8.0 beta12
Discourse
Version 1.8.0 beta13
Discourse
Version 1.8.0 beta1
Discourse
Version 1.8.0 beta2
Discourse
Version 1.8.0 beta3
Discourse
Version 1.8.0 beta4
Discourse
Version 1.8.0 beta5
Discourse
Version 1.8.0 beta6
Discourse
Version 1.8.0 beta7
Discourse
Version 1.8.0 beta8
Discourse
Version 1.8.0 beta9
Discourse
Version 1.9.0 beta10
Discourse
Version 1.9.0 beta11
Discourse
Version 1.9.0 beta12
Discourse
Version 1.9.0 beta13
Discourse
Version 1.9.0 beta14
Discourse
Version 1.9.0 beta15
Discourse
Version 1.9.0 beta16
Discourse
Version 1.9.0 beta17
Discourse
Version 1.9.0 beta1
Discourse
Version 1.9.0 beta2
Discourse
Version 1.9.0 beta3
Discourse
Version 1.9.0 beta4
Discourse
Version 1.9.0 beta5
Discourse
Version 1.9.0 beta6
Discourse
Version 1.9.0 beta7
Discourse
Version 1.9.0 beta8
Discourse
Version 1.9.0 beta9
Discourse
Version 2.0.0 beta10
Discourse
Version 2.0.0 beta1
Discourse
Version 2.0.0 beta2
Discourse
Version 2.0.0 beta3
Discourse
Version 2.0.0 beta4
Discourse
Version 2.0.0 beta5
Discourse
Version 2.0.0 beta6
Discourse
Version 2.0.0 beta7
Discourse
Version 2.0.0 beta8
Discourse
Version 2.0.0 beta9
Discourse
Version 2.1.0 beta1
Discourse
Version 2.1.0 beta2
Discourse
Version 2.1.0 beta3
Discourse
Version 2.1.0 beta4
Discourse
Version 2.1.0 beta5
Discourse
Version 2.1.0 beta6
Discourse
Version 2.2.0 beta10
Discourse
Version 2.2.0 beta1
Discourse
Version 2.2.0 beta2
Discourse
Version 2.2.0 beta3
Discourse
Version 2.2.0 beta4
Discourse
Version 2.2.0 beta5
Discourse
Version 2.2.0 beta6
Discourse
Version 2.2.0 beta7
Discourse
Version 2.2.0 beta8
Discourse
Version 2.2.0 beta9
Discourse
Version 2.3.0 beta10
Discourse
Version 2.3.0 beta11
Discourse
Version 2.3.0 beta1
Discourse
Version 2.3.0 beta2
Discourse
Version 2.3.0 beta3
Discourse
Version 2.3.0 beta4
Discourse
Version 2.3.0 beta5
Discourse
Version 2.3.0 beta6
Discourse
Version 2.3.0 beta7
Discourse
Version 2.3.0 beta8
Discourse
Version 2.3.0 beta9
Discourse
Version 2.4.0 beta10
Discourse
Version 2.4.0 beta11
Discourse
Version 2.4.0 beta1
Discourse
Version 2.4.0 beta2
Discourse
Version 2.4.0 beta3
Discourse
Version 2.4.0 beta4
Discourse
Version 2.4.0 beta5
Discourse
Version 2.4.0 beta6
Discourse
Version 2.4.0 beta7
Discourse
Version 2.4.0 beta8
Discourse
Version 2.4.0 beta9
Discourse
Version 2.5.0 beta1
Discourse
Version 2.5.0 beta2
Discourse
Version 2.5.0 beta3
Discourse
Version 2.5.0 beta4
Discourse
Version 2.5.0 beta5
Discourse
Version 2.5.0 beta6
Discourse
Version 2.5.0 beta7
Discourse
Version 2.6.0 beta1
Discourse
Version 2.6.0 beta2
Discourse
Version 2.6.0 beta3
Discourse
Version 2.6.0 beta4
Discourse
Version 2.6.0 beta5
Discourse
Version 2.6.0 beta6
Discourse
Version 2.7.0 beta1
Discourse
Version 2.7.0 beta2
Discourse
Version 2.7.0 beta3
Discourse
Version 2.7.0 beta4
Discourse
Version 2.7.0 beta5
Discourse
Version 2.7.0 beta6
Discourse
Version 2.7.0 beta7
Discourse
Version 2.7.0 beta8
Discourse
Version 2.7.0 beta9
Discourse
Version 2.8.0 beta10
Discourse
Version 2.8.0 beta11
Discourse
Version 2.8.0 beta1
Discourse
Version 2.8.0 beta2
Discourse
Version 2.8.0 beta3
Discourse
Version 2.8.0 beta4
Discourse
Version 2.8.0 beta5
Discourse
Version 2.8.0 beta6
Discourse
Version 2.8.0 beta7
Discourse
Version 2.8.0 beta8
Discourse
Version 2.8.0 beta9
Discourse
Version 2.9.0 beta10
Discourse
Version 2.9.0 beta11
Discourse
Version 2.9.0 beta12
Discourse
Version 2.9.0 beta13
Discourse
Version 2.9.0 beta14
Discourse
Version 2.9.0 beta1
Discourse
Version 2.9.0 beta2
Discourse
Version 2.9.0 beta3
Discourse
Version 2.9.0 beta4
Discourse
Version 2.9.0 beta5
Discourse
Version 2.9.0 beta6
Discourse
Version 2.9.0 beta7
Discourse
Version 2.9.0 beta8
Discourse
Version 2.9.0 beta9
Discourse
Version 3.0.0 beta15
Discourse
Version 3.0.0 beta16
Discourse
Version 3.1.0 beta1

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.