CVE-2023-45131

2023-10-1622:15:12

CWE-200

[email protected]

web.nvd.nist.gov

discourse

open source

community discussion

cve-2023-45131

vulnerability

patch

upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

37.0%

JSON

Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected configurations

Vulners

NVD

Node

discoursediscourseRange<3.1.2

discoursediscourseRange<3.2.0.beta2

VendorProductVersionCPE
discoursediscourse*cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
discoursediscourse*cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
discourse	discourse	*	cpe:2.3:a:discourse:discourse::::::::
discourse	discourse	*	cpe:2.3:a:discourse:discourse::::::::

CNA Affected

[
  {
    "vendor": "discourse",
    "product": "discourse",
    "versions": [
      {
        "version": " stable < 3.1.2",
        "status": "affected"
      },
      {
        "version": "beta < 3.2.0.beta2",
        "status": "affected"
      }
    ]
  }
]