CVE-2024-45297

Prevent topic list filtering by hidden tags for unauthorized users in Discourse

Description

Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-10-07T20:24:05.044Z

Last Modified :

2024-10-08T18:13:28.994Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-45297 vulnerability.

Vendors	Products
Discourse	Discourse

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45297.

URL	Resource
https://github.com/discourse/discourse/security/advisories/GHSA-58xw-3qr3-53gp

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact