BIT-discourse-2023-44391

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2023-44391.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-discourse-2023-44391

Aliases

CVE-2023-44391

Published

2024-03-06T10:53:30.809Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when hide_user_profiles_from_public is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cpes": [
        "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
        "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
        "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / discourse

Package

Name: discourse
Purl: pkg:bitnami/discourse

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.1.1

Introduced

3.2.0-beta1

Last affected

3.2.0-beta1