PT-2023-23175 · Discourse · Discourse

Jomaxro · Published 2023-06-13 · Updated 2024-03-06 · CVE-2023-31142

CVSS v3.1: 2.0 (Low)

Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Discourse versions prior to 3.0.4 of the stable branch
Discourse versions prior to 3.1.0.beta5 of the beta and tests-passed branches

Description

Discourse is an open source discussion platform. If a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches.

Recommendations

For versions prior to 3.0.4 of the stable branch, update to version 3.0.4 or later.
For versions prior to 3.1.0.beta5 of the beta and tests-passed branches, update to version 3.1.0.beta5 or later.
As a temporary workaround, if you are modifying the general category permissions, consider using a new category for the same purpose.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2023-31142
CVE-2023-31142
GHSA-286W-97M2-78X2

Affected Products

Discourse