3 matches found
CVE-2024-53991
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
CVE-2024-53991 Potential Backup file leaked via Nginx in Discourse
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
CVE-2024-53991
Discourse backup file disclosure via default Nginx configuration (CVE-2024-53991) affects Discourse instances using FileStore::LocalStore for local uploads/backups. Attackers who know a backup filename can trick nginx into serving the backup file, exposing complete backups with sensitive data. Th...