Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:BIT-2023-43814
HistoryOct 23, 2023 - 6:17 a.m.

BIT-2023-43814

2023-10-2306:17:35
Google
osv.dev
20
discourse
platform
poll
results
exposure
vulnerability
patched
software

0.0005 Low

EPSS

Percentile

17.0%

JSON

Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the /polls/grouped_poll_results endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version.

Related

cve 1
prion 1
nvd 1
osv 2
cvelist 1
openvas 1
cve
cve
CVE-2023-43814
2023-10-16 22:15:12
prion
prion
Information disclosure
2023-10-16 22:15:00
nvd
nvd
CVE-2023-43814
2023-10-16 22:15:12
osv
osv
CVE-2023-43814
2023-10-16 22:15:12
BIT-discourse-2023-43814
2024-03-06 10:53:52
cvelist
cvelist
CVE-2023-43814 Exposure of poll options and votes to unauthorized users in Discourse
2023-10-16 21:09:16
openvas
openvas
Discourse <= 3.1.1, 3.2.0.beta1 Multiple Vulnerabilities
2023-10-23 00:00:00

0.0005 Low

EPSS

Percentile

17.0%

JSON
Related for OSV:BIT-2023-43814
cve1prion1nvd1osv2cvelist1openvas1