PT-2025-19796 · Discourse · Discourse

Pmusaraj · Published 2025-05-05 · Updated 2025-09-26 · CVE-2025-46813

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Discourse versions 3.5.0.beta4 before commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b

Description

A data leak issue affects Discourse, an open-source community platform, allowing some content on the site's homepage to be visible to unauthenticated users on login-required sites. The issue affects sites deployed between April 30, 2025, noon EDT, and May 2, 2025, noon EDT. Private content on an instance's homepage could be visible to unauthenticated users. Sites on the stable branch are unaffected.

Recommendations

For Discourse versions 3.5.0.beta4 before commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b, upgrade to a non-vulnerable version of Discourse to resolve the issue. No workarounds are available, and sites must be upgraded to a secure version to prevent the data leak.

Information Disclosure

Related Identifiers

CVE-2025-46813
GHSA-V3H7-C287-PFG9

Affected Products

Discourse