First published: Tue Jun 13 2023
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Discourse Discourse | <3.0.4 | |
Discourse Discourse | =3.1.0-beta1 | |
Discourse Discourse | =3.1.0-beta2 | |
Discourse Discourse | =3.1.0-beta3 | |
Discourse Discourse | =3.1.0-beta4 | |
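A version check against the affected ranges listed above, as an added example that is not part of the advisory or of Discourse's own code. The function names, the accepted version spellings (`3.1.0.beta4` and `3.1.0-beta4`) and the sample inventory are assumptions made for illustration. It covers the case a plain "3.0.4 or higher" comparison gets wrong: the 3.1.0 betas before beta5 sort above 3.0.4 but are still affected.

```python
import re

# Fixed releases as stated in the advisory text.
FIXED_STABLE = (3, 0, 4)   # stable branch
FIXED_BETA = 5             # 3.1.0.beta5 on beta / tests-passed

# Assumed spellings: "3.0.3", "v3.0.3", "3.1.0.beta4", "3.1.0-beta4".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[.-]beta(\d+))?$")


def parse_version(text):
    """Return ((major, minor, patch), beta_number or None)."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Discourse version: {text!r}")
    major, minor, patch, beta = match.groups()
    return (int(major), int(minor), int(patch)), (int(beta) if beta else None)


def is_affected(text):
    """True if the version falls in a range the advisory lists as affected."""
    release, beta = parse_version(text)
    if release < FIXED_STABLE:
        return True                      # anything before 3.0.4
    if release == (3, 1, 0) and beta is not None:
        return beta < FIXED_BETA         # 3.1.0.beta1 .. 3.1.0.beta4
    return False                         # 3.0.4+, 3.1.0.beta5+, 3.1.0 final and later


def audit(inventory):
    """Return the names of sites in (name, version) pairs that need the update."""
    return [name for name, version in inventory if is_affected(version)]


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("forum-a.example", "3.0.3"),
    ("forum-b.example", "3.0.4"),
    ("forum-c.example", "3.1.0.beta4"),
    ("forum-d.example", "3.1.0-beta5"),
    ("forum-e.example", "3.1.0"),
]

if __name__ == "__main__":
    for site in audit(SAMPLE_INVENTORY):
        print(f"{site}: affected by CVE-2023-31142, update required")
```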
The severity of CVE-2023-31142 is medium with a CVSS score of 5.3.
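To fix CVE-2023-31142, update Discourse to version 3.0.4 or later on the `stable` branch, or to version 3.1.0.beta5 or later on the `beta` and `tests-passed` branches.
CVE-2023-31142 affects Discourse versions before 3.0.4 on the `stable` branch and versions before 3.1.0.beta5 on the `beta` and `tests-passed` branches.
The issue is patched in version 3.0.4 of the Discourse platform.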
You can find more information about CVE-2023-31142 in the GitHub Security Advisory GHSA-286w-97m2-78x2.