5.3

CVE-2023-23620

Discourse restricted tag routes leak topic information

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DiscourseDiscourse SwEditionstable Version < 3.0.1
DiscourseDiscourse Version1.1.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta6b SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta13 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta13b SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta14 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta13 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta13 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta14 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta15 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta16 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta17 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta13 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta14 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version3.0.0 Updatebeta15 SwEditionbeta
DiscourseDiscourse Version3.0.0 Updatebeta16 SwEditionbeta
DiscourseDiscourse Version3.1.0 Updatebeta1 SwEditionbeta
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.47
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164
Patch
Third Party Advisory
https://github.com/discourse/discourse/pull/20004
Patch
Third Party Advisory
https://github.com/discourse/discourse/security/advisories/GHSA-hvj9-g84x-5prx
Third Party Advisory