CVE-2023-31142
First published: Tue Jun 13 2023(Updated: )
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Discourse Discourse | <3.0.4 | |
| Discourse Discourse | =3.1.0-beta1 | |
| Discourse Discourse | =3.1.0-beta2 | |
| Discourse Discourse | =3.1.0-beta3 | |
| Discourse Discourse | =3.1.0-beta4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-31142?
The severity of CVE-2023-31142 is medium with a CVSS score of 5.3.
How can I fix the vulnerability CVE-2023-31142?
To fix the vulnerability CVE-2023-31142, update your Discourse platform to version 3.0.4 or higher.
What is the affected software version of CVE-2023-31142?
The affected software version of CVE-2023-31142 is Discourse version 3.0.4 and below.
Is there a patch available for CVE-2023-31142?
Yes, the issue is patched in version 3.0.4 of the Discourse platform.
Where can I find more information about CVE-2023-31142?
You can find more information about CVE-2023-31142 in the GitHub Security Advisory GHSA-286w-97m2-78x2.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- vendor/discourse
- canonical/discourse discourse
- version/discourse discourse/3.1.0-beta1
- version/discourse discourse/3.1.0-beta2
- version/discourse discourse/3.1.0-beta3
- version/discourse discourse/3.1.0-beta4