CVE-2023-45131

Source
https://cve.org/CVERecord?id=CVE-2023-45131
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45131.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-45131
Aliases
Published
2023-10-16T21:24:10.688Z
Modified
2026-07-15T01:48:55.932839646Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Unauthenticated access to new private chat messages in Discourse
Details

Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45131.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type
GIT
Repo
https://github.com/discourse/discourse
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": " stable < 3.1.2"
        },
        {
            "last_affected": " stable < 3.1.2"
        },
        {
            "introduced": "beta < 3.2.0.beta2"
        },
        {
            "last_affected": "beta < 3.2.0.beta2"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

stable < 3.*
stable < 3.1.2
3.*
3.2.0-beta1
beta < 3.*
beta < 3.2.0.beta2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45131.json"