PT-2023-29429 · Discourse · Discourse

Highjomax

Published: 2023-10-16 · Updated: 2024-03-06 · CVE-2023-45131

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Discourse versions prior to 3.1.1 stable and 3.2.0.beta2

Description

Discourse is an open source platform for community discussion. The issue allows new chat messages to be read by making an unauthenticated POST request to MessageBus. There are no known workarounds for this issue. Users are advised to upgrade to a patched version.

Recommendations

For versions prior to 3.1.1 stable, upgrade to version 3.1.1 stable or later. For versions prior to 3.2.0.beta2, upgrade to version 3.2.0.beta2 or later. As a temporary workaround, consider restricting access to the MessageBus until a patch is applied.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2023-45131
CVE-2023-45131
GHSA-84GF-HHRC-9PW6

Affected Products

Discourse