BIT-discourse-2023-45131

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2023-45131.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-discourse-2023-45131

Aliases

CVE-2023-45131

Published

2024-03-06T10:53:19.376Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cpes": [
        "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
        "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
        "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / discourse

Package

Name: discourse
Purl: pkg:bitnami/discourse

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.1.1

Introduced

3.2.0-beta1

Last affected

3.2.0-beta1