CVE-2023-45131
Unauthenticated access to new private chat messages in Discourse
CVSS 3.1: 7.5 (HIGH)
EPSS: 7.4%
Description
Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
How to fix CVE-2023-45131
Upgrade to Discourse 3.1.1 stable or 3.2.0.beta2, the versions in which this issue is patched. There are no known workarounds.
Is CVE-2023-45131 being exploited?
Moderate — EPSS is 7.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, <= 3.1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |