CVE-2023-23622: Infoleak
First published: Fri Mar 17 2023(Updated: )
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Discourse Discourse | <3.0.0 | |
| Discourse Discourse | =1.1.0-beta1 | |
| Discourse Discourse | =1.1.0-beta2 | |
| Discourse Discourse | =1.1.0-beta3 | |
| Discourse Discourse | =1.1.0-beta4 | |
| Discourse Discourse | =1.1.0-beta5 | |
| Discourse Discourse | =1.1.0-beta6 | |
| Discourse Discourse | =1.1.0-beta6b | |
| Discourse Discourse | =1.1.0-beta7 | |
| Discourse Discourse | =1.1.0-beta8 | |
| Discourse Discourse | =1.2.0-beta1 | |
| Discourse Discourse | =1.2.0-beta2 | |
| Discourse Discourse | =1.2.0-beta3 | |
| Discourse Discourse | =1.2.0-beta4 | |
| Discourse Discourse | =1.2.0-beta5 | |
| Discourse Discourse | =1.2.0-beta6 | |
| Discourse Discourse | =1.2.0-beta7 | |
| Discourse Discourse | =1.2.0-beta8 | |
| Discourse Discourse | =1.2.0-beta9 | |
| Discourse Discourse | =1.3.0-beta1 | |
| Discourse Discourse | =1.3.0-beta10 | |
| Discourse Discourse | =1.3.0-beta11 | |
| Discourse Discourse | =1.3.0-beta2 | |
| Discourse Discourse | =1.3.0-beta3 | |
| Discourse Discourse | =1.3.0-beta4 | |
| Discourse Discourse | =1.3.0-beta5 | |
| Discourse Discourse | =1.3.0-beta6 | |
| Discourse Discourse | =1.3.0-beta7 | |
| Discourse Discourse | =1.3.0-beta8 | |
| Discourse Discourse | =1.3.0-beta9 | |
| Discourse Discourse | =1.4.0-beta1 | |
| Discourse Discourse | =1.4.0-beta10 | |
| Discourse Discourse | =1.4.0-beta11 | |
| Discourse Discourse | =1.4.0-beta12 | |
| Discourse Discourse | =1.4.0-beta2 | |
| Discourse Discourse | =1.4.0-beta3 | |
| Discourse Discourse | =1.4.0-beta4 | |
| Discourse Discourse | =1.4.0-beta5 | |
| Discourse Discourse | =1.4.0-beta6 | |
| Discourse Discourse | =1.4.0-beta7 | |
| Discourse Discourse | =1.4.0-beta8 | |
| Discourse Discourse | =1.4.0-beta9 | |
| Discourse Discourse | =1.5.0-beta1 | |
| Discourse Discourse | =1.5.0-beta10 | |
| Discourse Discourse | =1.5.0-beta11 | |
| Discourse Discourse | =1.5.0-beta12 | |
| Discourse Discourse | =1.5.0-beta13 | |
| Discourse Discourse | =1.5.0-beta13b | |
| Discourse Discourse | =1.5.0-beta14 | |
| Discourse Discourse | =1.5.0-beta2 | |
| Discourse Discourse | =1.5.0-beta3 | |
| Discourse Discourse | =1.5.0-beta4 | |
| Discourse Discourse | =1.5.0-beta5 | |
| Discourse Discourse | =1.5.0-beta6 | |
| Discourse Discourse | =1.5.0-beta7 | |
| Discourse Discourse | =1.5.0-beta8 | |
| Discourse Discourse | =1.5.0-beta9 | |
| Discourse Discourse | =1.6.0-beta1 | |
| Discourse Discourse | =1.6.0-beta10 | |
| Discourse Discourse | =1.6.0-beta11 | |
| Discourse Discourse | =1.6.0-beta12 | |
| Discourse Discourse | =1.6.0-beta2 | |
| Discourse Discourse | =1.6.0-beta3 | |
| Discourse Discourse | =1.6.0-beta4 | |
| Discourse Discourse | =1.6.0-beta5 | |
| Discourse Discourse | =1.6.0-beta6 | |
| Discourse Discourse | =1.6.0-beta7 | |
| Discourse Discourse | =1.6.0-beta8 | |
| Discourse Discourse | =1.6.0-beta9 | |
| Discourse Discourse | =1.7.0-beta1 | |
| Discourse Discourse | =1.7.0-beta10 | |
| Discourse Discourse | =1.7.0-beta11 | |
| Discourse Discourse | =1.7.0-beta2 | |
| Discourse Discourse | =1.7.0-beta3 | |
| Discourse Discourse | =1.7.0-beta4 | |
| Discourse Discourse | =1.7.0-beta5 | |
| Discourse Discourse | =1.7.0-beta6 | |
| Discourse Discourse | =1.7.0-beta7 | |
| Discourse Discourse | =1.7.0-beta8 | |
| Discourse Discourse | =1.7.0-beta9 | |
| Discourse Discourse | =1.8.0-beta1 | |
| Discourse Discourse | =1.8.0-beta10 | |
| Discourse Discourse | =1.8.0-beta11 | |
| Discourse Discourse | =1.8.0-beta12 | |
| Discourse Discourse | =1.8.0-beta13 | |
| Discourse Discourse | =1.8.0-beta2 | |
| Discourse Discourse | =1.8.0-beta3 | |
| Discourse Discourse | =1.8.0-beta4 | |
| Discourse Discourse | =1.8.0-beta5 | |
| Discourse Discourse | =1.8.0-beta6 | |
| Discourse Discourse | =1.8.0-beta7 | |
| Discourse Discourse | =1.8.0-beta8 | |
| Discourse Discourse | =1.8.0-beta9 | |
| Discourse Discourse | =1.9.0-beta1 | |
| Discourse Discourse | =1.9.0-beta10 | |
| Discourse Discourse | =1.9.0-beta11 | |
| Discourse Discourse | =1.9.0-beta12 | |
| Discourse Discourse | =1.9.0-beta13 | |
| Discourse Discourse | =1.9.0-beta14 | |
| Discourse Discourse | =1.9.0-beta15 | |
| Discourse Discourse | =1.9.0-beta16 | |
| Discourse Discourse | =1.9.0-beta17 | |
| Discourse Discourse | =1.9.0-beta2 | |
| Discourse Discourse | =1.9.0-beta3 | |
| Discourse Discourse | =1.9.0-beta4 | |
| Discourse Discourse | =1.9.0-beta5 | |
| Discourse Discourse | =1.9.0-beta6 | |
| Discourse Discourse | =1.9.0-beta7 | |
| Discourse Discourse | =1.9.0-beta8 | |
| Discourse Discourse | =1.9.0-beta9 | |
| Discourse Discourse | =2.0.0-beta1 | |
| Discourse Discourse | =2.0.0-beta10 | |
| Discourse Discourse | =2.0.0-beta2 | |
| Discourse Discourse | =2.0.0-beta3 | |
| Discourse Discourse | =2.0.0-beta4 | |
| Discourse Discourse | =2.0.0-beta5 | |
| Discourse Discourse | =2.0.0-beta6 | |
| Discourse Discourse | =2.0.0-beta7 | |
| Discourse Discourse | =2.0.0-beta8 | |
| Discourse Discourse | =2.0.0-beta9 | |
| Discourse Discourse | =2.1.0-beta1 | |
| Discourse Discourse | =2.1.0-beta2 | |
| Discourse Discourse | =2.1.0-beta3 | |
| Discourse Discourse | =2.1.0-beta4 | |
| Discourse Discourse | =2.1.0-beta5 | |
| Discourse Discourse | =2.1.0-beta6 | |
| Discourse Discourse | =2.2.0-beta1 | |
| Discourse Discourse | =2.2.0-beta10 | |
| Discourse Discourse | =2.2.0-beta2 | |
| Discourse Discourse | =2.2.0-beta3 | |
| Discourse Discourse | =2.2.0-beta4 | |
| Discourse Discourse | =2.2.0-beta5 | |
| Discourse Discourse | =2.2.0-beta6 | |
| Discourse Discourse | =2.2.0-beta7 | |
| Discourse Discourse | =2.2.0-beta8 | |
| Discourse Discourse | =2.2.0-beta9 | |
| Discourse Discourse | =2.3.0-beta1 | |
| Discourse Discourse | =2.3.0-beta10 | |
| Discourse Discourse | =2.3.0-beta11 | |
| Discourse Discourse | =2.3.0-beta2 | |
| Discourse Discourse | =2.3.0-beta3 | |
| Discourse Discourse | =2.3.0-beta4 | |
| Discourse Discourse | =2.3.0-beta5 | |
| Discourse Discourse | =2.3.0-beta6 | |
| Discourse Discourse | =2.3.0-beta7 | |
| Discourse Discourse | =2.3.0-beta8 | |
| Discourse Discourse | =2.3.0-beta9 | |
| Discourse Discourse | =2.4.0-beta1 | |
| Discourse Discourse | =2.4.0-beta10 | |
| Discourse Discourse | =2.4.0-beta11 | |
| Discourse Discourse | =2.4.0-beta2 | |
| Discourse Discourse | =2.4.0-beta3 | |
| Discourse Discourse | =2.4.0-beta4 | |
| Discourse Discourse | =2.4.0-beta5 | |
| Discourse Discourse | =2.4.0-beta6 | |
| Discourse Discourse | =2.4.0-beta7 | |
| Discourse Discourse | =2.4.0-beta8 | |
| Discourse Discourse | =2.4.0-beta9 | |
| Discourse Discourse | =2.5.0-beta1 | |
| Discourse Discourse | =2.5.0-beta2 | |
| Discourse Discourse | =2.5.0-beta3 | |
| Discourse Discourse | =2.5.0-beta4 | |
| Discourse Discourse | =2.5.0-beta5 | |
| Discourse Discourse | =2.5.0-beta6 | |
| Discourse Discourse | =2.5.0-beta7 | |
| Discourse Discourse | =2.6.0-beta1 | |
| Discourse Discourse | =2.6.0-beta2 | |
| Discourse Discourse | =2.6.0-beta3 | |
| Discourse Discourse | =2.6.0-beta4 | |
| Discourse Discourse | =2.6.0-beta5 | |
| Discourse Discourse | =2.6.0-beta6 | |
| Discourse Discourse | =2.7.0-beta1 | |
| Discourse Discourse | =2.7.0-beta2 | |
| Discourse Discourse | =2.7.0-beta3 | |
| Discourse Discourse | =2.7.0-beta4 | |
| Discourse Discourse | =2.7.0-beta5 | |
| Discourse Discourse | =2.7.0-beta6 | |
| Discourse Discourse | =2.7.0-beta7 | |
| Discourse Discourse | =2.7.0-beta8 | |
| Discourse Discourse | =2.7.0-beta9 | |
| Discourse Discourse | =2.8.0-beta1 | |
| Discourse Discourse | =2.8.0-beta10 | |
| Discourse Discourse | =2.8.0-beta11 | |
| Discourse Discourse | =2.8.0-beta2 | |
| Discourse Discourse | =2.8.0-beta3 | |
| Discourse Discourse | =2.8.0-beta4 | |
| Discourse Discourse | =2.8.0-beta5 | |
| Discourse Discourse | =2.8.0-beta6 | |
| Discourse Discourse | =2.8.0-beta7 | |
| Discourse Discourse | =2.8.0-beta8 | |
| Discourse Discourse | =2.8.0-beta9 | |
| Discourse Discourse | =2.9.0-beta1 | |
| Discourse Discourse | =2.9.0-beta10 | |
| Discourse Discourse | =2.9.0-beta11 | |
| Discourse Discourse | =2.9.0-beta12 | |
| Discourse Discourse | =2.9.0-beta13 | |
| Discourse Discourse | =2.9.0-beta14 | |
| Discourse Discourse | =2.9.0-beta2 | |
| Discourse Discourse | =2.9.0-beta3 | |
| Discourse Discourse | =2.9.0-beta4 | |
| Discourse Discourse | =2.9.0-beta5 | |
| Discourse Discourse | =2.9.0-beta6 | |
| Discourse Discourse | =2.9.0-beta7 | |
| Discourse Discourse | =2.9.0-beta8 | |
| Discourse Discourse | =2.9.0-beta9 | |
| Discourse Discourse | =3.0.0-beta15 | |
| Discourse Discourse | =3.0.0-beta16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164
- https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f
- https://github.com/discourse/discourse/pull/20004
- https://github.com/discourse/discourse/pull/20005
- https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/discourse
- canonical/discourse discourse
- version/discourse discourse/1.1.0-beta1
- version/discourse discourse/1.1.0-beta2
- version/discourse discourse/1.1.0-beta3
- version/discourse discourse/1.1.0-beta4
- version/discourse discourse/1.1.0-beta5
- version/discourse discourse/1.1.0-beta6
- version/discourse discourse/1.1.0-beta6b
- version/discourse discourse/1.1.0-beta7
- version/discourse discourse/1.1.0-beta8
- version/discourse discourse/1.2.0-beta1
- version/discourse discourse/1.2.0-beta2
- version/discourse discourse/1.2.0-beta3
- version/discourse discourse/1.2.0-beta4
- version/discourse discourse/1.2.0-beta5
- version/discourse discourse/1.2.0-beta6
- version/discourse discourse/1.2.0-beta7
- version/discourse discourse/1.2.0-beta8
- version/discourse discourse/1.2.0-beta9
- version/discourse discourse/1.3.0-beta1
- version/discourse discourse/1.3.0-beta10
- version/discourse discourse/1.3.0-beta11
- version/discourse discourse/1.3.0-beta2
- version/discourse discourse/1.3.0-beta3
- version/discourse discourse/1.3.0-beta4
- version/discourse discourse/1.3.0-beta5
- version/discourse discourse/1.3.0-beta6
- version/discourse discourse/1.3.0-beta7
- version/discourse discourse/1.3.0-beta8
- version/discourse discourse/1.3.0-beta9
- version/discourse discourse/1.4.0-beta1
- version/discourse discourse/1.4.0-beta10
- version/discourse discourse/1.4.0-beta11
- version/discourse discourse/1.4.0-beta12
- version/discourse discourse/1.4.0-beta2
- version/discourse discourse/1.4.0-beta3
- version/discourse discourse/1.4.0-beta4
- version/discourse discourse/1.4.0-beta5
- version/discourse discourse/1.4.0-beta6
- version/discourse discourse/1.4.0-beta7
- version/discourse discourse/1.4.0-beta8
- version/discourse discourse/1.4.0-beta9
- version/discourse discourse/1.5.0-beta1
- version/discourse discourse/1.5.0-beta10
- version/discourse discourse/1.5.0-beta11
- version/discourse discourse/1.5.0-beta12
- version/discourse discourse/1.5.0-beta13
- version/discourse discourse/1.5.0-beta13b
- version/discourse discourse/1.5.0-beta14
- version/discourse discourse/1.5.0-beta2
- version/discourse discourse/1.5.0-beta3
- version/discourse discourse/1.5.0-beta4
- version/discourse discourse/1.5.0-beta5
- version/discourse discourse/1.5.0-beta6
- version/discourse discourse/1.5.0-beta7
- version/discourse discourse/1.5.0-beta8
- version/discourse discourse/1.5.0-beta9
- version/discourse discourse/1.6.0-beta1
- version/discourse discourse/1.6.0-beta10
- version/discourse discourse/1.6.0-beta11
- version/discourse discourse/1.6.0-beta12
- version/discourse discourse/1.6.0-beta2
- version/discourse discourse/1.6.0-beta3
- version/discourse discourse/1.6.0-beta4
- version/discourse discourse/1.6.0-beta5
- version/discourse discourse/1.6.0-beta6
- version/discourse discourse/1.6.0-beta7
- version/discourse discourse/1.6.0-beta8
- version/discourse discourse/1.6.0-beta9
- version/discourse discourse/1.7.0-beta1
- version/discourse discourse/1.7.0-beta10
- version/discourse discourse/1.7.0-beta11
- version/discourse discourse/1.7.0-beta2
- version/discourse discourse/1.7.0-beta3
- version/discourse discourse/1.7.0-beta4
- version/discourse discourse/1.7.0-beta5
- version/discourse discourse/1.7.0-beta6
- version/discourse discourse/1.7.0-beta7
- version/discourse discourse/1.7.0-beta8
- version/discourse discourse/1.7.0-beta9
- version/discourse discourse/1.8.0-beta1
- version/discourse discourse/1.8.0-beta10
- version/discourse discourse/1.8.0-beta11
- version/discourse discourse/1.8.0-beta12
- version/discourse discourse/1.8.0-beta13
- version/discourse discourse/1.8.0-beta2
- version/discourse discourse/1.8.0-beta3
- version/discourse discourse/1.8.0-beta4
- version/discourse discourse/1.8.0-beta5
- version/discourse discourse/1.8.0-beta6
- version/discourse discourse/1.8.0-beta7
- version/discourse discourse/1.8.0-beta8
- version/discourse discourse/1.8.0-beta9
- version/discourse discourse/1.9.0-beta1
- version/discourse discourse/1.9.0-beta10
- version/discourse discourse/1.9.0-beta11
- version/discourse discourse/1.9.0-beta12
- version/discourse discourse/1.9.0-beta13
- version/discourse discourse/1.9.0-beta14
- version/discourse discourse/1.9.0-beta15
- version/discourse discourse/1.9.0-beta16
- version/discourse discourse/1.9.0-beta17
- version/discourse discourse/1.9.0-beta2
- version/discourse discourse/1.9.0-beta3
- version/discourse discourse/1.9.0-beta4
- version/discourse discourse/1.9.0-beta5
- version/discourse discourse/1.9.0-beta6
- version/discourse discourse/1.9.0-beta7
- version/discourse discourse/1.9.0-beta8
- version/discourse discourse/1.9.0-beta9
- version/discourse discourse/2.0.0-beta1
- version/discourse discourse/2.0.0-beta10
- version/discourse discourse/2.0.0-beta2
- version/discourse discourse/2.0.0-beta3
- version/discourse discourse/2.0.0-beta4
- version/discourse discourse/2.0.0-beta5
- version/discourse discourse/2.0.0-beta6
- version/discourse discourse/2.0.0-beta7
- version/discourse discourse/2.0.0-beta8
- version/discourse discourse/2.0.0-beta9
- version/discourse discourse/2.1.0-beta1
- version/discourse discourse/2.1.0-beta2
- version/discourse discourse/2.1.0-beta3
- version/discourse discourse/2.1.0-beta4
- version/discourse discourse/2.1.0-beta5
- version/discourse discourse/2.1.0-beta6
- version/discourse discourse/2.2.0-beta1
- version/discourse discourse/2.2.0-beta10
- version/discourse discourse/2.2.0-beta2
- version/discourse discourse/2.2.0-beta3
- version/discourse discourse/2.2.0-beta4
- version/discourse discourse/2.2.0-beta5
- version/discourse discourse/2.2.0-beta6
- version/discourse discourse/2.2.0-beta7
- version/discourse discourse/2.2.0-beta8
- version/discourse discourse/2.2.0-beta9
- version/discourse discourse/2.3.0-beta1
- version/discourse discourse/2.3.0-beta10
- version/discourse discourse/2.3.0-beta11
- version/discourse discourse/2.3.0-beta2
- version/discourse discourse/2.3.0-beta3
- version/discourse discourse/2.3.0-beta4
- version/discourse discourse/2.3.0-beta5
- version/discourse discourse/2.3.0-beta6
- version/discourse discourse/2.3.0-beta7
- version/discourse discourse/2.3.0-beta8
- version/discourse discourse/2.3.0-beta9
- version/discourse discourse/2.4.0-beta1
- version/discourse discourse/2.4.0-beta10
- version/discourse discourse/2.4.0-beta11
- version/discourse discourse/2.4.0-beta2
- version/discourse discourse/2.4.0-beta3
- version/discourse discourse/2.4.0-beta4
- version/discourse discourse/2.4.0-beta5
- version/discourse discourse/2.4.0-beta6
- version/discourse discourse/2.4.0-beta7
- version/discourse discourse/2.4.0-beta8
- version/discourse discourse/2.4.0-beta9
- version/discourse discourse/2.5.0-beta1
- version/discourse discourse/2.5.0-beta2
- version/discourse discourse/2.5.0-beta3
- version/discourse discourse/2.5.0-beta4
- version/discourse discourse/2.5.0-beta5
- version/discourse discourse/2.5.0-beta6
- version/discourse discourse/2.5.0-beta7
- version/discourse discourse/2.6.0-beta1
- version/discourse discourse/2.6.0-beta2
- version/discourse discourse/2.6.0-beta3
- version/discourse discourse/2.6.0-beta4
- version/discourse discourse/2.6.0-beta5
- version/discourse discourse/2.6.0-beta6
- version/discourse discourse/2.7.0-beta1
- version/discourse discourse/2.7.0-beta2
- version/discourse discourse/2.7.0-beta3
- version/discourse discourse/2.7.0-beta4
- version/discourse discourse/2.7.0-beta5
- version/discourse discourse/2.7.0-beta6
- version/discourse discourse/2.7.0-beta7
- version/discourse discourse/2.7.0-beta8
- version/discourse discourse/2.7.0-beta9
- version/discourse discourse/2.8.0-beta1
- version/discourse discourse/2.8.0-beta10
- version/discourse discourse/2.8.0-beta11
- version/discourse discourse/2.8.0-beta2
- version/discourse discourse/2.8.0-beta3
- version/discourse discourse/2.8.0-beta4
- version/discourse discourse/2.8.0-beta5
- version/discourse discourse/2.8.0-beta6
- version/discourse discourse/2.8.0-beta7
- version/discourse discourse/2.8.0-beta8
- version/discourse discourse/2.8.0-beta9
- version/discourse discourse/2.9.0-beta1
- version/discourse discourse/2.9.0-beta10
- version/discourse discourse/2.9.0-beta11
- version/discourse discourse/2.9.0-beta12
- version/discourse discourse/2.9.0-beta13
- version/discourse discourse/2.9.0-beta14
- version/discourse discourse/2.9.0-beta2
- version/discourse discourse/2.9.0-beta3
- version/discourse discourse/2.9.0-beta4
- version/discourse discourse/2.9.0-beta5
- version/discourse discourse/2.9.0-beta6
- version/discourse discourse/2.9.0-beta7
- version/discourse discourse/2.9.0-beta8
- version/discourse discourse/2.9.0-beta9
- version/discourse discourse/3.0.0-beta15
- version/discourse discourse/3.0.0-beta16