7.5

CVE-2023-45131

EPSS 7.39%
Veröffentlicht 16.10.2023 22:15:12
Zuletzt bearbeitet 21.11.2024 08:26:24
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Discourse ≫ Discourse SwEditionstable Version <= 3.1.1

Discourse ≫ Discourse Version3.2.0 Updatebeta1 SwEditionbeta

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.39%	0.914

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-45131

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-45131

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-45131

EUVD