4.3

CVE-2024-53994

Potential bypass of chat permissions in Discourse

Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DiscourseDiscourse SwEditionstable Version < 3.3.3
DiscourseDiscourse SwEditionbeta Version < 3.4.0
DiscourseDiscourse Version3.4.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version3.4.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version3.4.0 Updatebeta3 SwEditionbeta
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.176
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

https://github.com/discourse/discourse/security/advisories/GHSA-mrpw-gwj7-98r6
Third Party Advisory