PT-2023-29429 · Discourse · Discourse

Highjomax

Published: 2023-10-16

Updated: 2024-03-06

CVE-2023-45131

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Discourse versions prior to 3.1.1 stable and 3.2.0.beta2

Description

Discourse is an open source platform for community discussion. The issue allows new chat messages to be read by making an unauthenticated POST request to MessageBus. There are no known workarounds for this issue. Users are advised to upgrade to a patched version.

Recommendations

For versions prior to 3.1.1 stable, upgrade to version 3.1.1 stable or later. For versions prior to 3.2.0.beta2, upgrade to version 3.2.0.beta2 or later. As a temporary workaround, consider restricting access to the MessageBus until a patch is applied.

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2023-45131
CVE-2023-45131
GHSA-84GF-HHRC-9PW6

Affected Products

Discourse