Home > Vulnerability Database > CVE-2023-49099

Mend.io Vulnerability Database

CVE-2023-49099

Good to know:

Date: January 12, 2024

Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.

Language: Ruby

Severity Score

4.3

Related Resources (4)

Url: https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4

Url: https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-49099

Url: https://www.mend.io/vulnerability-database/CVE-2023-49099

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version v3.1.4

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-49099

Good to know:

Date: January 12, 2024

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?