CVE-2024-45297

Published: Oct 7, 2024Modified: Sep 25, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (3)

Products: Discourse: Discourse

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Discourse Discourse	Before 3.4.0
Discourse Discourse	Before 3.3.2
Discourse Discourse	Version 3.4.0 beta1

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://github.com/discourse/discourse/security/advisories/GHSA-58xw-3qr3-53gp

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.