PT-2023-29706 · Discourse · Discourse

Lowjomaxropublished

Publicado

2023-11-10

Atualizado

2024-03-06

CVE-2023-45816

CVSS v3.1

3.3

Baixa

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier of the beta and tests-passed branches

Description Discourse is an open source platform for community discussion. There is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable security has changed, making it so the user can no longer access the underlying resource.

Recommendations For versions prior to 3.1.3, update to version 3.1.3 or later of the stable branch. For version 3.2.0.beta3 and earlier of the beta and tests-passed branches, update to version 3.2.0.beta3 or later.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

BIT-DISCOURSE-2023-45816

CVE-2023-45816

GHSA-V9R6-92WP-F6CF

Produtos afetados

Discourse

PT-2023-29706 · Discourse · Discourse

CVE-2023-45816

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9