CVE-2023-44391

Published: Oct 16, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (2)

Products: Discourse: Discourse

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Discourse Discourse	Up to 3.1.1
Discourse Discourse	Version 3.2.0 beta1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr

Source: security-advisories@github.com

Vendor Advisory

https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.