PT-2025-12891 · Discourse · Discourse

Published 2025-03-26 · Updated 2025-03-28 · CVE-2025-24972

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Discourse versions prior to 3.3.4
Discourse versions prior to 3.4.0.beta5

Description

The issue affects Discourse, an open-source discussion platform: under specific circumstances, users could be added to group direct messages despite having disabled direct messaging in their preferences.

Recommendations

For versions prior to 3.3.4, update to version 3.3.4 or later to resolve the issue. For versions prior to 3.4.0.beta5, update to version 3.4.0.beta5 or later to resolve the issue. As a temporary workaround, consider disabling chat in user preferences to prevent being added to new group chats.

Exploit

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

BIT-DISCOURSE-2025-24972
CVE-2025-24972
GHSA-4P63-QW6G-4MV2

Affected Products

Discourse