BIT-discourse-2023-34250

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2023-34250.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-discourse-2023-34250

Aliases

CVE-2023-34250
GHSA-q8m5-wmjr-3ppg

Published

2024-03-06T10:56:49.410Z

Modified

2025-10-15T02:42:37.076783Z

Summary

Discourse vulnerable to exposure of number of topics recently created in private categories

Details

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches. There are no known workarounds.

Database specific

{
    "cpes": [
        "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
        "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*",
        "cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*",
        "cpe:2.3:a:discourse:discourse:3.1.0:beta3:*:*:beta:*:*:*",
        "cpe:2.3:a:discourse:discourse:3.1.0:beta4:*:*:beta:*:*:*",
        "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / discourse

Package

Name: discourse
Purl: pkg:bitnami/discourse

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.4