CVE-2023-44391 MEDIUM

CVE-2023-44391: Prevent unauthorized access to summary details in Discourse

Vendor Discourse
Product discourse
Weakness CWE-200 · Info exposure
Published October 16, 2023
Last update September 16, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

October 16, 2023 CVE published
September 16, 2024 Record updated