CVE-2023-45131

Published: Oct 16, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (2)

Products: Discourse: Discourse

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Discourse Discourse	Up to 3.1.1
Discourse Discourse	Version 3.2.0 beta1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6

Source: security-advisories@github.com

Vendor Advisory

https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.