CVE-2023-45131

Unauthenticated access to new private chat messages in Discourse

CVSS 7.5 HIGHEPSS 1.8%CWE-200

Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

discourse · discourse

PoCs públicas encontradas — 2

githubgithub.com/ibrahmsql/CVE-2023-45131★ 3 exploitdbwww.exploit-db.com/exploits/52375não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6