Home > Vulnerability Database > CVE-2023-23624

Mend.io Vulnerability Database

CVE-2023-23624

Date: January 27, 2023

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the "stable" branch and version 3.1.0.beta2 on the "beta" and "tests-passed" branches, someone can use the "exclude_tag param" to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the "stable" branch and version 3.1.0.beta2 on the "beta" and "tests-passed" branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use.

Language: Ruby

Severity Score

4.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-23624

Url: https://github.com/discourse/discourse/commit/f55e0fe7910149c431861c18ce407d1be0d6091a

Url: https://github.com/discourse/discourse/pull/20006

Url: https://github.com/discourse/discourse/security/advisories/GHSA-qgj5-g5vf-fm7q

Url: https://www.mend.io/vulnerability-database/CVE-2023-23624

Severity Score

4.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-23624

Date: January 27, 2023

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?