PT-2023-20324 · Discourse · Discourse

Jomaxro · Published 2023-03-04 · Updated 2024-03-06 · CVE-2023-25819

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Discourse versions 3.1.0.beta2 through the version prior to the latest beta and tests-passed versions

Description

The issue concerns the exposure of private tags in metadata on Discourse, an open-source platform for community discussions. This occurs on sites running the tests-passed or beta branches.

Recommendations

For versions 3.1.0.beta2 and later, update to the latest beta or tests-passed version to resolve the issue. As a temporary workaround, consider restricting access to metadata to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2023-25819
CVE-2023-25819
GHSA-XX2H-MWM7-HQ6Q

Affected Products

Discourse