Lucene search

[email protected]NVD:CVE-2023-23620

HistoryJan 28, 2023 - 12:15 a.m.

CVE-2023-23620

2023-01-2800:15:09

CWE-200

[email protected]

web.nvd.nist.gov

discourse

open-source

discussion platform

version 3.0.1

version 3.1.0.beta2

restricted tags

unauthorized access

security patch

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

27.0%

JSON

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches. There are no known workarounds.

Affected configurations

NVD

Node

discoursediscourseRange<3.0.1stable

Node

discoursediscourseMatch1.1.0beta1beta

discoursediscourseMatch1.1.0beta2beta

discoursediscourseMatch1.1.0beta3beta

discoursediscourseMatch1.1.0beta4beta

discoursediscourseMatch1.1.0beta5beta

discoursediscourseMatch1.1.0beta6beta

discoursediscourseMatch1.1.0beta6bbeta

discoursediscourseMatch1.1.0beta7beta

discoursediscourseMatch1.1.0beta8beta

discoursediscourseMatch1.2.0beta1beta

discoursediscourseMatch1.2.0beta2beta

discoursediscourseMatch1.2.0beta3beta

discoursediscourseMatch1.2.0beta4beta

discoursediscourseMatch1.2.0beta5beta

discoursediscourseMatch1.2.0beta6beta

discoursediscourseMatch1.2.0beta7beta

discoursediscourseMatch1.2.0beta8beta

discoursediscourseMatch1.2.0beta9beta

discoursediscourseMatch1.3.0beta1beta

discoursediscourseMatch1.3.0beta10beta

discoursediscourseMatch1.3.0beta11beta

discoursediscourseMatch1.3.0beta2beta

discoursediscourseMatch1.3.0beta3beta

discoursediscourseMatch1.3.0beta4beta

discoursediscourseMatch1.3.0beta5beta

discoursediscourseMatch1.3.0beta6beta

discoursediscourseMatch1.3.0beta7beta

discoursediscourseMatch1.3.0beta8beta

discoursediscourseMatch1.3.0beta9beta

discoursediscourseMatch1.4.0beta1beta

discoursediscourseMatch1.4.0beta10beta

discoursediscourseMatch1.4.0beta11beta

discoursediscourseMatch1.4.0beta12beta

discoursediscourseMatch1.4.0beta2beta

discoursediscourseMatch1.4.0beta3beta

discoursediscourseMatch1.4.0beta4beta

discoursediscourseMatch1.4.0beta5beta

discoursediscourseMatch1.4.0beta6beta

discoursediscourseMatch1.4.0beta7beta

discoursediscourseMatch1.4.0beta8beta

discoursediscourseMatch1.4.0beta9beta

discoursediscourseMatch1.5.0beta1beta

discoursediscourseMatch1.5.0beta10beta

discoursediscourseMatch1.5.0beta11beta

discoursediscourseMatch1.5.0beta12beta

discoursediscourseMatch1.5.0beta13beta

discoursediscourseMatch1.5.0beta13bbeta

discoursediscourseMatch1.5.0beta14beta

discoursediscourseMatch1.5.0beta2beta

discoursediscourseMatch1.5.0beta3beta

discoursediscourseMatch1.5.0beta4beta

discoursediscourseMatch1.5.0beta5beta

discoursediscourseMatch1.5.0beta6beta

discoursediscourseMatch1.5.0beta7beta

discoursediscourseMatch1.5.0beta8beta

discoursediscourseMatch1.5.0beta9beta

discoursediscourseMatch1.6.0beta1beta

discoursediscourseMatch1.6.0beta10beta

discoursediscourseMatch1.6.0beta11beta

discoursediscourseMatch1.6.0beta12beta

discoursediscourseMatch1.6.0beta2beta

discoursediscourseMatch1.6.0beta3beta

discoursediscourseMatch1.6.0beta4beta

discoursediscourseMatch1.6.0beta5beta

discoursediscourseMatch1.6.0beta6beta

discoursediscourseMatch1.6.0beta7beta

discoursediscourseMatch1.6.0beta8beta

discoursediscourseMatch1.6.0beta9beta

discoursediscourseMatch1.7.0beta1beta

discoursediscourseMatch1.7.0beta10beta

discoursediscourseMatch1.7.0beta11beta

discoursediscourseMatch1.7.0beta2beta

discoursediscourseMatch1.7.0beta3beta

discoursediscourseMatch1.7.0beta4beta

discoursediscourseMatch1.7.0beta5beta

discoursediscourseMatch1.7.0beta6beta

discoursediscourseMatch1.7.0beta7beta

discoursediscourseMatch1.7.0beta8beta

discoursediscourseMatch1.7.0beta9beta

discoursediscourseMatch1.8.0beta1beta

discoursediscourseMatch1.8.0beta10beta

discoursediscourseMatch1.8.0beta11beta

discoursediscourseMatch1.8.0beta12beta

discoursediscourseMatch1.8.0beta13beta

discoursediscourseMatch1.8.0beta2beta

discoursediscourseMatch1.8.0beta3beta

discoursediscourseMatch1.8.0beta4beta

discoursediscourseMatch1.8.0beta5beta

discoursediscourseMatch1.8.0beta6beta

discoursediscourseMatch1.8.0beta7beta

discoursediscourseMatch1.8.0beta8beta

discoursediscourseMatch1.8.0beta9beta

discoursediscourseMatch1.9.0beta1beta

discoursediscourseMatch1.9.0beta10beta

discoursediscourseMatch1.9.0beta11beta

discoursediscourseMatch1.9.0beta12beta

discoursediscourseMatch1.9.0beta13beta

discoursediscourseMatch1.9.0beta14beta

discoursediscourseMatch1.9.0beta15beta

discoursediscourseMatch1.9.0beta16beta

discoursediscourseMatch1.9.0beta17beta

discoursediscourseMatch1.9.0beta2beta

discoursediscourseMatch1.9.0beta3beta

discoursediscourseMatch1.9.0beta4beta

discoursediscourseMatch1.9.0beta5beta

discoursediscourseMatch1.9.0beta6beta

discoursediscourseMatch1.9.0beta7beta

discoursediscourseMatch1.9.0beta8beta

discoursediscourseMatch1.9.0beta9beta

discoursediscourseMatch2.0.0beta1beta

discoursediscourseMatch2.0.0beta10beta

discoursediscourseMatch2.0.0beta2beta

discoursediscourseMatch2.0.0beta3beta

discoursediscourseMatch2.0.0beta4beta

discoursediscourseMatch2.0.0beta5beta

discoursediscourseMatch2.0.0beta6beta

discoursediscourseMatch2.0.0beta7beta

discoursediscourseMatch2.0.0beta8beta

discoursediscourseMatch2.0.0beta9beta

discoursediscourseMatch2.1.0beta1beta

discoursediscourseMatch2.1.0beta2beta

discoursediscourseMatch2.1.0beta3beta

discoursediscourseMatch2.1.0beta4beta

discoursediscourseMatch2.1.0beta5beta

discoursediscourseMatch2.1.0beta6beta

discoursediscourseMatch2.2.0beta1beta

discoursediscourseMatch2.2.0beta10beta

discoursediscourseMatch2.2.0beta2beta

discoursediscourseMatch2.2.0beta3beta

discoursediscourseMatch2.2.0beta4beta

discoursediscourseMatch2.2.0beta5beta

discoursediscourseMatch2.2.0beta6beta

discoursediscourseMatch2.2.0beta7beta

discoursediscourseMatch2.2.0beta8beta

discoursediscourseMatch2.2.0beta9beta

discoursediscourseMatch2.3.0beta1beta

discoursediscourseMatch2.3.0beta10beta

discoursediscourseMatch2.3.0beta11beta

discoursediscourseMatch2.3.0beta2beta

discoursediscourseMatch2.3.0beta3beta

discoursediscourseMatch2.3.0beta4beta

discoursediscourseMatch2.3.0beta5beta

discoursediscourseMatch2.3.0beta6beta

discoursediscourseMatch2.3.0beta7beta

discoursediscourseMatch2.3.0beta8beta

discoursediscourseMatch2.3.0beta9beta

discoursediscourseMatch2.4.0beta1beta

discoursediscourseMatch2.4.0beta10beta

discoursediscourseMatch2.4.0beta11beta

discoursediscourseMatch2.4.0beta2beta

discoursediscourseMatch2.4.0beta3beta

discoursediscourseMatch2.4.0beta4beta

discoursediscourseMatch2.4.0beta5beta

discoursediscourseMatch2.4.0beta6beta

discoursediscourseMatch2.4.0beta7beta

discoursediscourseMatch2.4.0beta8beta

discoursediscourseMatch2.4.0beta9beta

discoursediscourseMatch2.5.0beta1beta

discoursediscourseMatch2.5.0beta2beta

discoursediscourseMatch2.5.0beta3beta

discoursediscourseMatch2.5.0beta4beta

discoursediscourseMatch2.5.0beta5beta

discoursediscourseMatch2.5.0beta6beta

discoursediscourseMatch2.5.0beta7beta

discoursediscourseMatch2.6.0beta1beta

discoursediscourseMatch2.6.0beta2beta

discoursediscourseMatch2.6.0beta3beta

discoursediscourseMatch2.6.0beta4beta

discoursediscourseMatch2.6.0beta5beta

discoursediscourseMatch2.6.0beta6beta

discoursediscourseMatch2.7.0beta1beta

discoursediscourseMatch2.7.0beta2beta

discoursediscourseMatch2.7.0beta3beta

discoursediscourseMatch2.7.0beta4beta

discoursediscourseMatch2.7.0beta5beta

discoursediscourseMatch2.7.0beta6beta

discoursediscourseMatch2.7.0beta7beta

discoursediscourseMatch2.7.0beta8beta

discoursediscourseMatch2.7.0beta9beta

discoursediscourseMatch2.8.0beta1beta

discoursediscourseMatch2.8.0beta10beta

discoursediscourseMatch2.8.0beta11beta

discoursediscourseMatch2.8.0beta2beta

discoursediscourseMatch2.8.0beta3beta

discoursediscourseMatch2.8.0beta4beta

discoursediscourseMatch2.8.0beta5beta

discoursediscourseMatch2.8.0beta6beta

discoursediscourseMatch2.8.0beta7beta

discoursediscourseMatch2.8.0beta8beta

discoursediscourseMatch2.8.0beta9beta

discoursediscourseMatch2.9.0beta1beta

discoursediscourseMatch2.9.0beta10beta

discoursediscourseMatch2.9.0beta11beta

discoursediscourseMatch2.9.0beta12beta

discoursediscourseMatch2.9.0beta13beta

discoursediscourseMatch2.9.0beta14beta

discoursediscourseMatch2.9.0beta2beta

discoursediscourseMatch2.9.0beta3beta

discoursediscourseMatch2.9.0beta4beta

discoursediscourseMatch2.9.0beta5beta

discoursediscourseMatch2.9.0beta6beta

discoursediscourseMatch2.9.0beta7beta

discoursediscourseMatch2.9.0beta8beta

discoursediscourseMatch2.9.0beta9beta

discoursediscourseMatch3.0.0beta15beta

discoursediscourseMatch3.0.0beta16beta

discoursediscourseMatch3.1.0beta1beta

References

github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164

github.com/discourse/discourse/pull/20004

github.com/discourse/discourse/security/advisories/GHSA-hvj9-g84x-5prx

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

27.0%

JSON

Related for NVD:CVE-2023-23620

cvelist1 osv2 prion1 cve1 openvas2