Description

Discourse is an open-source community platform. A data leak vulnerability affects sites deployed between commits 10df7fdee060d44accdee7679d66d778d1136510 and 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b. On login-required sites, the leak meant that some content on the site's homepage could be visible to unauthenticated users. Only login-required sites that got deployed during this timeframe are affected, roughly between April 30 2025 noon EDT and May 2 2025, noon EDT. Sites on the stable branch are unaffected. Private content on an instance's homepage could be visible to unauthenticated users on login-required sites. Versions of 3.5.0.beta4 after commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b are not vulnerable to the issue. No workarounds are available. Sites must upgrade to a non-vulnerable version of Discourse.

INFO

Published Date :

2025-05-05T20:03:46.289Z

Last Modified :

2025-05-06T13:44:48.303Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-46813 vulnerability.

Vendors Products
Discourse
  • Discourse
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-46813.

URL Resource
https://github.com/discourse/discourse/commit/10df7fdee060d44accdee7679d66d778d1136510 cve-icon cve-icon
https://github.com/discourse/discourse/commit/82d84af6b0efbd9fa2aeec3e91ce7be1a768511b cve-icon cve-icon
https://github.com/discourse/discourse/security/advisories/GHSA-v3h7-c287-pfg9 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact