7.5

CVE-2024-28242

EPSS 0.11%
Veröffentlicht 15.03.2024 20:15:09
Zuletzt bearbeitet 26.09.2025 12:50:32
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Discourse ≫ Discourse SwEditionstable Version < 3.2.0

Discourse ≫ Discourse SwEditionbeta Version < 3.3.0

Discourse ≫ Discourse Version3.3.0 Update- SwEditionbeta

Discourse ≫ Discourse Version3.3.0 Updatebeta1 SwEditionbeta

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.307

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39

Patch

https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-28242

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-28242

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-28242

EUVD