PT-2023-20324 · Discourse · Discourse

Jomaxro · Published 2023-03-04 · Updated 2024-03-06 · CVE-2023-25819

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Discourse versions 3.1.0.beta2 through the version prior to the latest beta and tests-passed versions

Description: The issue concerns the exposure of private tags in metadata on Discourse, an open-source platform for community discussions. This occurs on sites running the tests-passed or beta branches.

Recommendations: For versions 3.1.0.beta2 and later, update to the latest beta or tests-passed version to resolve the issue. As a temporary workaround, consider restricting access to metadata to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

BIT-DISCOURSE-2023-25819
CVE-2023-25819
GHSA-XX2H-MWM7-HQ6Q

Affected products

Discourse