CVE-2023-45147: Infoleak
First published: Mon Oct 16 2023(Updated: )
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins uses topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. Users are advised to update to version 3.1.1 if they are on the stable branch or 3.2.0.beta2 if they are on the beta branch. Users unable to upgrade should disable any plugins that access topic custom fields.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Discourse Discourse | <=3.1.1 | |
| Discourse Discourse | =3.2.0-beta1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Discourse vulnerability?
The vulnerability ID for this Discourse vulnerability is CVE-2023-45147.
What is Discourse?
Discourse is an open source community platform.
What is the severity level of CVE-2023-45147?
The severity level of CVE-2023-45147 is medium.
How can this vulnerability be exploited?
This vulnerability can be exploited by any user who can create a topic and add arbitrary custom fields to a topic.
How can I fix this vulnerability in Discourse?
To fix this vulnerability, update Discourse to version 3.2.0-beta1 or higher.
- collector/nvd-index
- collector/nvd-api
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/discourse
- canonical/discourse discourse
- version/discourse discourse/3.1.1
- version/discourse discourse/3.2.0-beta1