CVE-2023-34250

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-34250

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34250.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-34250

Aliases

BIT-discourse-2023-34250
GHSA-q8m5-wmjr-3ppg

Published

2023-06-13T21:41:29.652Z

Modified

2026-04-16T03:47:10.148251Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator

Summary

Discourse vulnerable to exposure of number of topics recently created in private categories

Details

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the actual content thereof) in categories they didn't have access to. This issue is patched in version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches. There are no known workarounds.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/34xxx/CVE-2023-34250.json",
    "cwe_ids": [
        "CWE-200"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type: GIT
Repo: https://github.com/discourse/discourse
Events: Introduced

17daf077e2f11def391859f83d294bb71760b1cf

Fixed

286dfcacb44b76f1a3a89d85c4602ef957bebac0

Affected versions

v3.*

v3.1.0.beta1

v3.1.0.beta2

v3.1.0.beta3

v3.1.0.beta4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34250.json"