Discourse Patches Security Vulnerability Affecting All Users
CVE-2024-45297

4.3MEDIUM

Key Information:

Vendor: Discourse
Status: Discourse
Vendor: CVE Published:; 7 October 2024

What is CVE-2024-45297?

Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.

Affected Version(s)

discourse stable: < 3.3.2 < stable: 3.3.2

discourse beta: < 3.4.0.beta2 < beta: 3.4.0.beta2

References

https://github.com/discourse/discourse/security/advisorie...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2024