CVE-2023-23622
Published on: Not Yet Published
Last Modified on: 03/17/2023 03:44:00 PM UTC
Certain versions of Discourse from Discourse contain the following vulnerability:
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.
- CVE-2023-23622 has been assigned by
[email protected] to track the vulnerability
- Affected Vendor/Software:
discourse - discourse version = stable < 3.0.1
- Affected Vendor/Software:
discourse - discourse version = beta < 3.1.0.beta2
- Affected Vendor/Software:
discourse - discourse version = tests-passed < 3.1.0.beta2
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users · Advisory · discourse/discourse · GitHub | github.com text/html |
![]() |
SECURITY: only show restricted tag lists to authorized users (#20005) · discourse/[email protected] · GitHub | github.com text/html |
![]() |
SECURITY: only show restricted tag lists to authorized users by nbianca · Pull Request #20005 · discourse/discourse · GitHub | github.com text/html |
![]() |
SECURITY: only show restricted tag lists to authorized users (#20004) · discourse/[email protected] · GitHub | github.com text/html |
![]() |
SECURITY: only show restricted tag lists to authorized users by nbianca · Pull Request #20004 · discourse/discourse · GitHub | github.com text/html |
![]() |
Known Affected Software
Vendor | Product | Version |
---|---|---|
Discourse | discourse | = stable < 3.0.1 |
Discourse | discourse | = beta < 3.1.0.beta2 |
Discourse | discourse | = tests-passed < 3.1.0.beta2 |
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2023-23622 : Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and… twitter.com/i/web/status/1… | 2023-03-17 15:05:27 |
![]() |
CVE-2023-23622 | 2023-03-17 16:38:22 |