Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.
References
Configurations
Configuration 1 (hide)
|
History
25 Jan 2024, 15:32
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-12 21:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-49099
Mitre link : CVE-2023-49099
CVE.ORG link : CVE-2023-49099
JSON object : View
Products Affected
discourse
- discourse
CWE
CWE-284
Improper Access Control