Home > Vulnerability Database > CVE-2023-43814

Mend.io Vulnerability Database

CVE-2023-43814

Date: October 16, 2023

Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the "/polls/grouped_poll_results" endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version.

Language: Ruby

Severity Score

3.7

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-43814

Url: https://github.com/discourse/discourse/security/advisories/GHSA-3x57-846g-7qcw

Url: https://www.mend.io/vulnerability-database/CVE-2023-43814

Severity Score

3.7

Weakness Type (CWE)

Improper Access Control

CWE-284

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-43814

Date: October 16, 2023

Language: Ruby

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?