CVE-2023-22453

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-22453

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-22453.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-22453

Aliases

BIT-discourse-2023-22453
GHSA-xx97-6494-p2rv

Published

2023-01-05T20:15:18Z

Modified

2024-10-12T10:41:16.982907Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the /u/username.json endpoint. The issue is patched in version 2.8.14 and 3.0.0.beta16. There is no known workaround.

References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type: GIT
Repo: https://github.com/discourse/discourse
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cbcf8a064b4889a19c991641e09c399bfa1ef2ad

Affected versions

v0.*

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.8.7

v0.8.8

v0.8.9

v0.9.0

v0.9.1

v0.9.2

v0.9.2.5

v0.9.2.6

v0.9.3

v0.9.3.5

v0.9.4

v0.9.5

v0.9.5.1

v0.9.5.2

v0.9.6

v0.9.6.1

v0.9.6.2

v0.9.6.3

v0.9.6.4

v0.9.7

v0.9.7.1

v0.9.7.2

v0.9.7.3

v0.9.7.4

v0.9.7.5

v0.9.7.6

v0.9.7.7

v0.9.7.8

v0.9.7.9

v0.9.8

v0.9.8.1

v0.9.8.10

v0.9.8.11

v0.9.8.2

v0.9.8.3

v0.9.8.4

v0.9.8.5

v0.9.8.6

v0.9.8.7

v0.9.8.8

v0.9.8.9

v0.9.9.1

v0.9.9.10

v0.9.9.11

v0.9.9.12

v0.9.9.13

v0.9.9.14

v0.9.9.15

v0.9.9.16

v0.9.9.17

v0.9.9.18

v0.9.9.2

v0.9.9.3

v0.9.9.4

v0.9.9.5

v0.9.9.6

v0.9.9.7

v0.9.9.8

v0.9.9.9

v1.*

v1.0.0

v1.1.0.beta2

v1.1.0.beta3

v1.1.0.beta4

v1.1.0.beta5

v1.1.0.beta6

v1.1.0.beta6b

v1.1.0.beta7

v1.1.0.beta8

v1.2.0.beta1

v1.2.0.beta2

v1.2.0.beta3

v1.2.0.beta4

v1.2.0.beta5

v1.2.0.beta6

v1.2.0.beta7

v1.2.0.beta8

v1.2.0.beta9

v1.3.0.beta1

v1.3.0.beta10

v1.3.0.beta11

v1.3.0.beta2

v1.3.0.beta3

v1.3.0.beta4

v1.3.0.beta5

v1.3.0.beta6

v1.3.0.beta7

v1.3.0.beta9

v1.4.0.beta1

v1.4.0.beta10

v1.4.0.beta11

v1.4.0.beta12

v1.4.0.beta2

v1.4.0.beta3

v1.4.0.beta4

v1.4.0.beta5

v1.4.0.beta6

v1.4.0.beta7

v1.4.0.beta8

v1.4.0.beta9

v1.5.0.beta1

v1.5.0.beta10

v1.5.0.beta11

v1.5.0.beta12

v1.5.0.beta13

v1.5.0.beta13b

v1.5.0.beta14

v1.5.0.beta2

v1.5.0.beta3

v1.5.0.beta4

v1.5.0.beta5

v1.5.0.beta6

v1.5.0.beta7

v1.5.0.beta8

v1.5.0.beta9

v1.6.0.beta1

v1.6.0.beta10

v1.6.0.beta11

v1.6.0.beta12

v1.6.0.beta2

v1.6.0.beta3

v1.6.0.beta4

v1.6.0.beta5

v1.6.0.beta6

v1.6.0.beta7

v1.6.0.beta8

v1.6.0.beta9

v1.7.0.beta1

v1.7.0.beta10

v1.7.0.beta11

v1.7.0.beta2

v1.7.0.beta3

v1.7.0.beta4

v1.7.0.beta5

v1.7.0.beta6

v1.7.0.beta7

v1.7.0.beta8

v1.7.0.beta9

v1.8.0.beta1

v1.8.0.beta10

v1.8.0.beta11

v1.8.0.beta12

v1.8.0.beta13

v1.8.0.beta2

v1.8.0.beta3

v1.8.0.beta4

v1.8.0.beta5

v1.8.0.beta6

v1.8.0.beta7

v1.8.0.beta8

v1.8.0.beta9

v1.9.0.beta1

v1.9.0.beta10

v1.9.0.beta11

v1.9.0.beta12

v1.9.0.beta13

v1.9.0.beta14

v1.9.0.beta15

v1.9.0.beta16

v1.9.0.beta17

v1.9.0.beta2

v1.9.0.beta3

v1.9.0.beta4

v1.9.0.beta5

v1.9.0.beta6

v1.9.0.beta7

v1.9.0.beta8

v1.9.0.beta9

v2.*

v2.0.0.beta1

v2.0.0.beta10

v2.0.0.beta2

v2.0.0.beta3

v2.0.0.beta4

v2.0.0.beta5

v2.0.0.beta6

v2.0.0.beta7

v2.0.0.beta8

v2.0.0.beta9

v2.1.0.beta1

v2.1.0.beta2

v2.1.0.beta3

v2.1.0.beta4

v2.1.0.beta5

v2.1.0.beta6

v2.2.0.beta1

v2.2.0.beta10

v2.2.0.beta2

v2.2.0.beta3

v2.2.0.beta4

v2.2.0.beta5

v2.2.0.beta6

v2.2.0.beta7

v2.2.0.beta8

v2.2.0.beta9

v2.3.0.beta1

v2.3.0.beta10

v2.3.0.beta11

v2.3.0.beta2

v2.3.0.beta3

v2.3.0.beta4

v2.3.0.beta5

v2.3.0.beta6

v2.3.0.beta7

v2.3.0.beta8

v2.3.0.beta9

v2.4.0.beta1

v2.4.0.beta10

v2.4.0.beta11

v2.4.0.beta2

v2.4.0.beta3

v2.4.0.beta4

v2.4.0.beta5

v2.4.0.beta6

v2.4.0.beta7

v2.4.0.beta8

v2.4.0.beta9

v2.5.0.beta1

v2.5.0.beta2

v2.5.0.beta3

v2.5.0.beta4

v2.5.0.beta5

v2.5.0.beta6

v2.5.0.beta7

v2.6.0.beta1

v2.6.0.beta2

v2.6.0.beta3

v2.6.0.beta4

v2.6.0.beta5

v2.6.0.beta6

v2.7.0.beta1

v2.7.0.beta2

v2.7.0.beta3

v2.7.0.beta4

v2.7.0.beta5

v2.7.0.beta6

v2.7.0.beta7

v2.7.0.beta8

v2.7.0.beta9

v2.8.0.beta1

v2.8.0.beta10

v2.8.0.beta11

v2.8.0.beta2

v2.8.0.beta3

v2.8.0.beta4

v2.8.0.beta5

v2.8.0.beta6

v2.8.0.beta7

v2.8.0.beta8

v2.8.0.beta9

v2.9.0.beta1

v2.9.0.beta10

v2.9.0.beta11

v2.9.0.beta12

v2.9.0.beta13

v2.9.0.beta14

v2.9.0.beta2

v2.9.0.beta3

v2.9.0.beta4

v2.9.0.beta5

v2.9.0.beta6

v2.9.0.beta7

v2.9.0.beta8

v2.9.0.beta9

v3.*

v3.0.0.beta15