CVE-2023-25819

Опубликовано: 04 мар. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the tests-passed or beta branches >= 3.1.0.beta2. The issue is patched in the latest beta and tests-passed version of Discourse.

Ссылки

https://github.com/discourse/discourse/commit/a9f2c6db64e7d78b8e0f55e7bd77c5fe3459b831
Patch
https://github.com/discourse/discourse/security/advisories/GHSA-xx2h-mwm7-hq6q
Third Party Advisory
https://github.com/discourse/discourse/commit/a9f2c6db64e7d78b8e0f55e7bd77c5fe3459b831
Patch
https://github.com/discourse/discourse/security/advisories/GHSA-xx2h-mwm7-hq6q
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*

Версия до 3.1.0 (исключая)

cpe:2.3:a:discourse:discourse:3.1.0:beta1:*:*:beta:*:*:*

cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*

EPSS

Процентиль: 30%

0.00112

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-359

CWE-200