4 matches found
Discourse 3.1.1 - Unauthenticated Chat Message Access
!/usr/bin/env ruby Title : Discourse 3.1.1 - Unauthenticated Chat Message Access CVE-2023-45131 CVSS: 7.5 High Affected: Discourse 3.1.1 stable, 3.2.0.beta2 Author ibrahimsql @ https://twitter.com/ibrahmsql Date: 2023-12-14 require 'net/http' require 'uri' require 'json' require 'openssl' require...
Discourse 3.1.x <= 3.1.1, 3.2.0.beta1 Unauthorized Access Vulnerability
Discourse is prone to an unauthorized access vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...
CVE-2023-45131
Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for...
CVE-2023-45131
CVE-2023-45131 affects Discourse prior to 3.1.1 stable and prior to 3.2.0.beta2. The issue allows reading new chat messages by an unauthenticated POST to the MessageBus endpoint, representing an unauthenticated disclosure of private chat content. Root cause details are not explicitly stated in th...