Description
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username.json` endpoint. The issue is patched in version 2.8.14 and 3.0.0.beta16. There is no known workaround.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| discourse | discourse | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
No data.
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-26615 | Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username.json` endpoint. The issue is patched in version 2.8.14 and 3.0.0.beta16. There is no known workaround. |
References
History
Mon, 10 Mar 2025 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-03-10T21:31:52.286Z
Reserved: 2022-12-29T03:00:40.877Z
Link: CVE-2023-22453
Vulnrichment
Updated: 2024-08-02T10:13:48.398Z
NVD
Status : Modified
Published: 2023-01-05T20:15:18.743
Modified: 2024-11-21T07:44:50.127
Link: CVE-2023-22453
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses