Unrated severityNVD Advisory· Published Oct 16, 2023· Updated Sep 16, 2024

Unauthenticated access to new private chat messages in Discourse

CVE-2023-45131

Description

Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products

Discourse (software)/Discoursev5
Range: stable < 3.1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000