5.3

CVE-2024-24748

Disclosure of the existence of secret subcategories in Discourse

Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DiscourseDiscourse SwEditionbeta Version <= 3.2.0
DiscourseDiscourse SwEditionstable Version <= 3.2.0
DiscourseDiscourse Version3.2.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version3.2.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version3.2.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version3.2.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version3.3.0 Updatebeta1 SwEditionbeta
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.46% 0.36
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/discourse/discourse/commit/819361ba28f86a1347059af300bb5cca690f9193
Patch
https://github.com/discourse/discourse/security/advisories/GHSA-3qh8-xw23-cq4x
Third Party Advisory