CVE-2023-45131

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 16, 2023

Updated: Oct 19, 2023

CWE ID 200

Summary

CVE-2023-45131 is a vulnerability affecting Discourse, an open-source community discussion platform. Maliciously crafted POST requests sent to the MessageBus can be used to read new chat messages without authentication. This issue poses a significant risk as it allows unauthorized access to private chat content. Discourse has released patches for this vulnerability in versions 3.1.1 and 3.2.0.beta2. Users are strongly advised to upgrade as soon as possible. At present, there are no known workarounds for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Discourse

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s5FyDP
https://www.cve.org/CVERecord?id=CVE-2023-45131
https://nvd.nist.gov/vuln/detail/CVE-2023-45131

Back to Vulnerability Database

CVE-2023-45131

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations