5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.3%
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable
branch and version 3.1.0.beta2 on the beta
and tests-passed
branches, someone can use the exclude_tag param
to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the stable
branch and version 3.1.0.beta2 on the beta
and tests-passed
branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use.
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.3%