VYPR
Unrated severityNVD Advisory· Published Jan 12, 2024· Updated Jun 17, 2025

Discourse secure uploads accessible to guests even when login is required

CVE-2023-49099

Description

Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.