CVE-2023-45147

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Oct 16, 2023

Updated: Nov 1, 2023

CWE ID 200

Summary

CVE-2023-45147 affects Discourse, an open-source community platform. In vulnerable versions, users can add arbitrary custom fields to any topic. The severity of this issue depends on the specific plugins installed and their usage of topic custom fields. For default Discourse installations with default plugins, this vulnerability has no impact. Users are advised to update to the latest version, 3.1.1 for stable releases, or 3.2.0.beta2 for beta versions. Alternatively, users unable to upgrade should disable any plugins that access topic custom fields to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Discourse

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s5GBkI
https://www.cve.org/CVERecord?id=CVE-2023-45147
https://nvd.nist.gov/vuln/detail/CVE-2023-45147

Back to Vulnerability Database

CVE-2023-45147

CVSS 3.1 Score 3.1 of 10 (low)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations