Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-43814
HistoryOct 16, 2023 - 10:15 p.m.

Information disclosure

2023-10-1622:15:00
PRIOn knowledge base
www.prio-n.com
4
discourse
open source
unauthorized access
privacy
integrity
patched
versions.

4.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the /polls/grouped_poll_results endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version.

CPENameOperatorVersion
discoursele3.1.1
discourseeq3.2.0 beta1

Related

cve 1
osv 3
nvd 1
cvelist 1
openvas 1
cve
cve
CVE-2023-43814
2023-10-16 22:15:12
osv
osv
CVE-2023-43814
2023-10-16 22:15:12
BIT-2023-43814
2023-10-23 06:17:35
BIT-discourse-2023-43814
2024-03-06 10:53:52
nvd
nvd
CVE-2023-43814
2023-10-16 22:15:12
cvelist
cvelist
CVE-2023-43814 Exposure of poll options and votes to unauthorized users in Discourse
2023-10-16 21:09:16
openvas
openvas
Discourse <= 3.1.1, 3.2.0.beta1 Multiple Vulnerabilities
2023-10-23 00:00:00

4.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON
Related for PRION:CVE-2023-43814
cve1osv3nvd1cvelist1openvas1