PT-2023-24774 · Discourse · Discourse

Jomaxro · Published 2023-06-13 · Updated 2024-03-06 · CVE-2023-34250

CVSS v3.1: 4.8 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Discourse versions prior to 3.0.4
Discourse versions prior to 3.1.0.beta5

Description

An issue in Discourse allows an attacker to use the new topics dismissal endpoint to reveal the number of topics recently created in categories they don't have access to. This does not reveal the actual content of the topics.

Recommendations

For versions prior to 3.0.4, update to version 3.0.4 or later.
For versions prior to 3.1.0.beta5, update to version 3.1.0.beta5 or later.

Exploit

Fix

Information Disclosure

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2023-34250
CVE-2023-34250
GHSA-Q8M5-WMJR-3PPG

Affected Products

Discourse