Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-16T21:22:24.719Z
Updated: 2023-10-16T21:22:24.719Z
Reserved: 2023-09-28T17:56:32.613Z
Link: CVE-2023-44391
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-16T22:15:12.477
Modified: 2023-10-20T17:50:08.850
Link: CVE-2023-44391
JSON object: View
Redhat Information
No data.