CVE-2024-56197

Users can see other user's tagged PMs in Discourse

Description

Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. Users are advised to upgrade. Users unable to upgrade should remove all groups from the the "PM tags allowed for groups" option.

INFO

Published Date :

2025-02-04T20:59:13.464Z

Last Modified :

2025-02-05T15:06:02.360Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-56197 vulnerability.

Vendors	Products
Discourse	Discourse

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56197.

URL	Resource
https://github.com/discourse/discourse/security/advisories/GHSA-xmgr-g9cp-v239

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact