PT-2025-3200 · Discourse · Discourse

Lowjomaxrop

Published

2025-02-04

Updated

2025-02-20

CVE-2024-56197

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Discourse versions prior to the latest stable, beta, and tests-passed versions

Description Discourse is an open source platform for community discussion. Private message titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the private message has been tagged.

Recommendations For versions prior to the latest stable, beta, and tests-passed versions, update to the latest version. For users unable to update, remove all groups from the "PM tags allowed for groups" option as a temporary workaround.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BIT-DISCOURSE-2024-56197

CVE-2024-56197

GHSA-XMGR-G9CP-V239

Affected Products

Discourse

PT-2025-3200 · Discourse · Discourse

CVE-2024-56197

Weakness Enumeration

Related Identifiers

Affected Products

References · 8