CVE-2023-49099

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-49099

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49099.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-49099

Aliases

BIT-discourse-2023-49099
GHSA-j67x-x6mq-pwv4

Published

2024-01-12T20:53:53.163Z

Modified

2026-04-10T05:04:57.978484Z

Severity

3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Discourse secure uploads accessible to guests even when login is required

Details

Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-284"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49099.json"
}

References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type

GIT

Repo

https://github.com/discourse/discourse

Events

Introduced

Fixed

2d4ed7d02053df72aedd2dcebfdd5768e8065103

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.1.4"
        }
    ]
}

Type

GIT

Repo

https://github.com/discourse/discourse

Events

Introduced

a9cc379121e30f86128677c71dbb42c30100598a

Fixed

f953d9b113fe313edfe8cd752c3efac7963d8077

Database specific

{
    "versions": [
        {
            "introduced": "3.2.0beta1"
        },
        {
            "fixed": "3.2.0.beta4"
        }
    ]
}

Affected versions

v0.*

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.8.7

v0.8.8

v0.8.9

v0.9.0

v0.9.1

v0.9.2

v0.9.2.5

v0.9.2.6

v0.9.3

v0.9.4

v0.9.5

v0.9.5.1

v0.9.5.2

v0.9.6

v0.9.6.1

v0.9.6.3

v0.9.6.4

v0.9.7

v0.9.7.1

v0.9.7.2

v0.9.7.3

v0.9.7.4

v0.9.7.5

v0.9.7.6

v0.9.7.7

v0.9.7.8

v0.9.7.9

v0.9.8

v0.9.8.1

v0.9.8.10

v0.9.8.11

v0.9.8.2

v0.9.8.3

v0.9.8.4

v0.9.8.5

v0.9.8.6

v0.9.8.7

v0.9.8.8

v0.9.8.9

v0.9.9.1

v0.9.9.10

v0.9.9.11

v0.9.9.12

v0.9.9.13

v0.9.9.14

v0.9.9.15

v0.9.9.16

v0.9.9.17

v0.9.9.18

v0.9.9.2

v0.9.9.3

v0.9.9.4

v0.9.9.5

v0.9.9.6

v0.9.9.7

v0.9.9.8

v0.9.9.9

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.6.0

v1.6.1

v1.6.10

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.6.8

v1.6.9

v1.7.0

v1.7.1

v1.7.10

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9

v1.8.0

v1.8.1

v1.8.10

v1.8.11

v1.8.2

v1.8.3

v1.8.4

v1.8.5

v1.8.6

v1.8.7

v1.8.8

v1.8.9

v1.9.0

v1.9.1

v1.9.2

v1.9.3

v1.9.4

v1.9.5

v1.9.6

v1.9.7

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.3.0

v2.3.1

v2.3.10

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.6.0

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.7.0

v2.7.1

v2.7.10

v2.7.11

v2.7.12

v2.7.13

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.1

v2.8.10

v2.8.11

v2.8.12

v2.8.13

v2.8.14

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.2.0.beta1

v3.2.0.beta2

v3.2.0.beta3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49099.json"