CVE-2023-45131: Unauthenticated access to new private chat messages in Discourse
First published: Mon Oct 16 2023(Updated: )
Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Discourse Discourse | <=3.1.1 | |
| Discourse Discourse | =3.2.0-beta1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-45131?
CVE-2023-45131 is a vulnerability in Discourse, an open source platform for community discussion, which allows unauthenticated users to read new chat messages by making a POST request to MessageBus.
What is the severity of CVE-2023-45131?
The severity of CVE-2023-45131 is high with a CVSS score of 7.5.
How does CVE-2023-45131 impact Discourse?
CVE-2023-45131 allows unauthenticated users to read new chat messages in Discourse.
How can I fix CVE-2023-45131?
To fix CVE-2023-45131, users are advised to upgrade to the patched versions of Discourse: 3.1.1 stable or 3.2.0.beta2.
Are there any workarounds for CVE-2023-45131?
There are no known workarounds for CVE-2023-45131. Upgrading to the patched versions of Discourse is recommended.
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/discourse
- canonical/discourse discourse
- version/discourse discourse/3.1.1
- version/discourse discourse/3.2.0-beta1