Vulnerabilities > CVE-2023-23622 - Unspecified vulnerability in Discourse

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

discourse

NVD

Published: 2023-03-17

Updated: 2023-11-07

Summary

Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.

Vulnerable Configurations

Part	Description	Count
Application	Discourse Discourse Discourse 1.1.0 Discourse Discourse 1.2.0 Discourse Discourse 1.3.0 Discourse Discourse 1.4.0 Discourse Discourse 1.5.0 Discourse Discourse 1.6.0 Discourse Discourse 1.7.0 Discourse Discourse 1.8.0 Discourse Discourse 1.9.0 Discourse Discourse 2.0.0 Discourse Discourse 2.1.0 Discourse Discourse 2.2.0 Discourse Discourse 2.3.0 Discourse Discourse 2.4.0 Discourse Discourse 2.5.0 Discourse Discourse 2.6.0 Discourse Discourse 2.7.0 Discourse Discourse 2.8.0 Discourse Discourse 2.9.0 Discourse Discourse 3.0.0 Discourse Discourse 1.4.1	207

Summary

Vulnerable Configurations

References