Exploit Report

Computer Security And Bug Information


CVE Title
Published Date: 2023-03-17T15:15Z
Modified Date: 2023-03-23T20:21Z
CWE Type: NVD-CWE-noinfo
Description: Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any user can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have access to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.
Reference URL: https://github.com/discourse/discourse/pull/20004
Reference Description: MISC https://github.com/discourse/discourse/pull/20004
Reference URL: https://github.com/discourse/discourse/pull/20005
Reference Description: MISC https://github.com/discourse/discourse/pull/20005
Reference URL: https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164
Reference Description: MISC https://github.com/discourse/discourse/commit/105fee978d73b0ec23ff814a09d1c0c9ace95164
Reference URL: https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f
Reference Description: MISC https://github.com/discourse/discourse/commit/ecb9aa5dba94741d9579f4f873f0675f48b4184f
Reference URL: https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795
Reference Description: MISC https://github.com/discourse/discourse/security/advisories/GHSA-2wvr-4x7w-v795
Tags: Issue Tracking Patch
