Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:32
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.1 |
References | () https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53 - Patch | |
References | () https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4 - Vendor Advisory |
25 Jan 2024, 15:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4 - Vendor Advisory | |
References | () https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53 - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
First Time |
Discourse
Discourse discourse |
|
CPE | cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:* cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:* |
12 Jan 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-12 21:15
Updated : 2024-11-21 08:32
NVD link : CVE-2023-49099
Mitre link : CVE-2023-49099
CVE.ORG link : CVE-2023-49099
JSON object : View
Products Affected
discourse
- discourse
CWE
CWE-284
Improper Access Control