CVE-2024-24748 MEDIUM

CVE-2024-24748: Disclosure of the existence of secret subcategories in Discourse

Vendor Discourse
Product discourse
Weakness CWE-200 · Info exposure
Published March 15, 2024
Last update August 27, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

March 15, 2024 CVE published
August 27, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-31927 An information disclosure in the web interface of Brocade Fabric OS CVE-2023-5166 Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL CVE-2024-13638 Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2021-39224 File path disclosure of shared files in OfficeOnline application CVE-2021-37867 Emails of all users are exposed via one of the Boards APIs