Unrated severityNVD Advisory· Published Jan 12, 2024· Updated Jun 17, 2025
Discourse secure uploads accessible to guests even when login is required
CVE-2023-49099
Description
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<3.2.0.beta4, <3.1.4+ 1 more
- (no CPE)range: <3.2.0.beta4, <3.1.4
- (no CPE)range: < 3.1.4
Patches
Vulnerability mechanics
References
2- github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53mitrex_refsource_MISC
- github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.