CVE-2023-45131 HIGH

CVE-2023-45131: Unauthenticated access to new private chat messages in Discourse

Vendor Discourse
Product discourse
Weakness CWE-200 · Info exposure
Published October 16, 2023
Last update September 16, 2024
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

October 16, 2023 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-49068 Apache DolphinScheduler: Information Leakage Vulnerability CVE-2024-13640 Print Invoice & Delivery Notes for WooCommerce <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2020-25836 Potential information leakage resulting in unauthorized access CVE-2024-1208 LearnDash LMS <= 4.10.2 - Sensitive Information Exposure via API CVE-2022-29241 Known or guessable hidden files may be accessed in Jupyter Server